Vulnerability intelligence
CVE-2026-20160
A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected SSM On-Prem host. This vulnerability is due to the unintentional exposure of an internal service. An attacker could exploit this vulnerability by sending a crafted request to the API of the exposed service. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges.
CVSS Score
9.8
Critical
EPSS — Exploit Probability
0.9%
Riskier than 56% of all CVEs
Exploitation
Not in CISA KEV
No federal exploitation record
Remediation
unknown
Check vendor advisories
3 articles across 3 outlets · first covered Apr 2, 2026 · latest Apr 2, 2026
Tracked incidents
Associated threat actors
Coverage timeline
-
Cisco fixed critical and high-severity flawssecurityaffairs.com · Apr 2, 2026
-
Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromisethehackernews.com · Apr 2, 2026
-
Cisco Patches Critical and High-Severity Vulnerabilitieswww.securityweek.com · Apr 2, 2026