CVE-2026-20246
MediumCVSS 6.0Exploitation Probability (EPSS)
Low risk1th percentile — higher than 1% of all known CVEs
Summary
A vulnerability in the vmadmin CLI of Cisco Umbrella Virtual Appliance could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied commands.
Risk Assessment
An attacker with vmadmin privileges could exploit this vulnerability to gain root access, posing a significant security risk to the device and the data it holds.
Recommendation
It is recommended to update the Cisco Umbrella Virtual Appliance software to the latest version to patch this vulnerability and review the privileges of users with vmadmin access.
Original NVD description (English source)
A vulnerability in the vmadmin CLI of Cisco Umbrella Virtual Appliance could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied commands. An attacker with vmadmin privileges could exploit this vulnerability by using certain commands at the CLI. A successful exploit could allow the attacker to elevate privileges to root.

