All CVEs
Vulnerability intelligence

CVE-2026-20160

CWE-668

A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected SSM On-Prem host. This vulnerability is due to the unintentional exposure of an internal service. An attacker could exploit this vulnerability by sending a crafted request to the API of the exposed service. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges.

CVSS Score
9.8
Critical
EPSS — Exploit Probability
0.9%
Riskier than 56% of all CVEs
Exploitation
Not in CISA KEV
No federal exploitation record
Remediation
unknown
Check vendor advisories
NVD entry PoC / advisory

3 articles across 3 outlets · first covered Apr 2, 2026 · latest Apr 2, 2026

Tracked incidents

Associated threat actors

Coverage timeline