CVE-2026-20036 — Vulnetix

CVE-2026-20036 PUBLISHED CVSS 6.5 MEDIUM

A vulnerability in the CLI and web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker with valid administrative privileges to execute arbitrary commands on the underlying operating system of an affected device.    This vulnerability is due to insufficient input validation of command arguments that are supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system of an affected device with root-level privileges.

EPSS 0.06% · 18.8th percentile

Risk Scores

CVSS 3.1

6.5

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

EPSS Score

0.06%

18.8th percentile

Affected Products

Vendor	Product	Versions
Cisco	Cisco Unified Computing System (Managed)	4.0(4h), 4.1(1a), 4.0(1c)

Exploit Intelligence

CIRCL seen: CVE-2026-20036 (circl-sighting)
cisco-sa-ucsm-cmdinj-GvxLPeSB (circl)
CVE-2026-20036.json (github-poc)
CVE-2026-20036.json (github-poc)
CVE-2026-20036.json (github-poc)
CVE-2026-20036.json (github-poc)

Timeline

Oct 8, 2025 CVE ID Reserved
Feb 25, 2026 CVE Published
Feb 25, 2026 PoC Published
Feb 26, 2026 EPSS Score
Feb 26, 2026 CVE Updated
Feb 27, 2026 EPSS Score
Mar 1, 2026 EPSS Score
Mar 2, 2026 EPSS Score
Mar 4, 2026 EPSS Score
Mar 5, 2026 EPSS Score
Mar 7, 2026 EPSS Score
Mar 8, 2026 EPSS Score

References

cisco-sa-ucsm-cmdinj-GvxLPeSB url
https://nvd.nist.gov/vuln/detail/CVE-2026-20036 advisory

Open in Interactive Console →