wid-sec-w-2026-0953 · Published 2026-04-01
Cisco Integrated Management Controller: Multiple Vulnerabilities
CVSS 9.8 (CRITICAL)
Risk Summary
A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with read-only privileges to perform command injection attacks on an affected system and execute arbitrary commands as the root user. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system as the root user.
Affected Vendors
Cisco
Affected Products (19)
Cisco · Integrated Management Controller · UCS C-Series M5 Rack Server IMC <4.3(2.260007)
Cisco · Integrated Management Controller · UCS C-Series M5 Rack Server IMC 4.3(2.260007)
Cisco · Integrated Management Controller · UCS C-Series M6 Rack Server IMC <4.3(2.260007)
Cisco · Integrated Management Controller · UCS C-Series M6 Rack Server IMC 4.3(2.260007)
Cisco · Integrated Management Controller · UCS C-Series M6 Rack Server IMC <6.0(1.250174)
Cisco · Integrated Management Controller · UCS C-Series M6 Rack Server IMC 6.0(1.250174)
Cisco · Integrated Management Controller · UCS E-Series M3 IMC <3.2.17
Cisco · Integrated Management Controller · UCS E-Series M3 IMC 3.2.17
Cisco · Integrated Management Controller · UCS E-Series M6 IMC <4.15.3
Cisco · Integrated Management Controller · UCS E-Series M6 IMC 4.15.3
Cisco · Integrated Management Controller · Hardware Platform
Cisco · Integrated Management Controller · 5000 Series ENCS NFVIS <4.15.5
Cisco · Integrated Management Controller · 5000 Series ENCS NFVIS 4.15.5
Cisco · Integrated Management Controller · Catalyst 8300 Series Edge uCPE NFVIS <4.18.3
Cisco · Integrated Management Controller · Catalyst 8300 Series Edge uCPE NFVIS 4.18.3
Cisco · Integrated Management Controller · UCS C-Series M6 Rack Server IMC <6.0(2.260044)
Cisco · Integrated Management Controller · UCS C-Series M6 Rack Server IMC 6.0(2.260044)
Cisco · Integrated Management Controller · UCS S-Series Storage Server IMC <4.3(6.260017)
Cisco · Integrated Management Controller · UCS S-Series Storage Server IMC 4.3(6.260017)