CVE-2026-20246 — Vulnetix

CVE-2026-20246 PUBLISHED CVSS 6 MEDIUM

Reported by cisco · Published June 17, 2026

A vulnerability in the vmadmin CLI of Cisco Umbrella Virtual Appliance could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied commands. An attacker with vmadmin privileges could exploit this vulnerability by using certain commands at the CLI. A successful exploit could allow the attacker to elevate privileges to root.

Risk Scores

CVSS 3.1

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Affected Products

Vendor	Product	Versions
Cisco	Cisco Umbrella Insights Virtual Appliance	2.6.0, 2.5.6, 2.5
Cisco	Cisco Umbrella Insights Virtual Appliance	2.6.0, 2.5.6, 2.5

Timeline

Jun 17, 2026 CVE Published
Jun 17, 2026 CVE Updated
Jun 18, 2026 EPSS Score
Jun 18, 2026 Coalition ESS Score

References

cisco-sa-umbrella-priv-esc-F4wJB7AU

Open in Interactive Console →