VDB
CVE-2026-20093
CVE-2026-20093
PUBLISHED
CVE-2026-20093 is a vulnerability where an unauthenticated remote attacker can completely bypass the login process and gain full administrative access to the system. This allows the attacker to change the password of any user. Cisco IMC manages servers at a hardware level which makes this is especially dangerous as the attacker could manipulate hardware settings, power cycle servers, disrupt critical infrastructure, and use the compromised device to launch attacks on other systems on the network.
EPSS 0.03% · 7.7th percentile
Risk Scores
EPSS Score
0.03%
7.7th percentile
Exploit Intelligence
- CIRCL seen: CVE-2026-20093 (circl-sighting)
- CIRCL seen: CVE-2026-20093 (circl-sighting)
- cisco-sa-cimc-auth-bypass-AgG2BxTn (circl)
- run-tests.ps1 (github-poc)
- run-tests.ps1 (github-poc)
- run-tests.ps1 (github-poc)
- run-tests.ps1 (github-poc)
- run-tests.ps1 (github-poc)
- run-tests.ps1 (github-poc)
- poc.py (github-poc)
…and 5 more exploits
Timeline
- Apr 1, 2026 CVE Published
- Apr 1, 2026 PoC Published
- Apr 1, 2026 PoC Published
- Apr 2, 2026 CVE Updated
- May 18, 2026 EPSS Score
- May 19, 2026 EPSS Score
- May 20, 2026 EPSS Score
- May 21, 2026 EPSS Score
- May 22, 2026 EPSS Score
- May 23, 2026 EPSS Score
- May 24, 2026 EPSS Score
- May 25, 2026 EPSS Score