CVE Catalog

CVE-2026-20160

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
0.91%

56th percentile — higher than 56% of all known CVEs

Summary

A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) allows an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. The issue is due to unintentional exposure of an internal service.

Risk Assessment

An attacker can gain full root-level control over the operating system, leading to complete compromise of the host and potential access to sensitive network data.

Recommendation

Apply the Cisco-provided update for SSM On-Prem immediately and restrict API access to trusted networks only.

Original NVD description (English source)

A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected SSM On-Prem host. This vulnerability is due to the unintentional exposure of an internal service. An attacker could exploit this vulnerability by sending a crafted request to the API of the exposed service. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS