Vulnerability
Cisco IMC authentication bypass exposure
Updated 02.04.2026 14:01
Case score 60
Score breakdown
- Total: 60
- Lead score: 60
- Support bonus: +0 / 20
- Scoring support: 0
- Context members: 0
Top contributors
- Vulnerability "Cisco IMC/CIMC password-change authentication bypass" is the full basis of the case and drives the overall risk (base).
Members 1
Latest activity 02.04.2026 14:01
Patch available
No known exploitation
First seen 02.04.2026 14:01
Last seen 02.04.2026 14:01
Overview
Cisco released security updates for **Cisco IMC/CIMC** after finding **CVE-2026-20093**, a password-change authentication bypass on **UCS C-Series and E-Series servers**. An unauthenticated attacker can send a crafted HTTP request to the management interface and bypass authentication through the password-change path.
Successful exploitation can let the attacker change user passwords, including an **Admin** account, and gain administrative control of the management controller. Cisco says there are **no workarounds** and strongly recommends upgrading to the fixed software as soon as possible.
Available evidence does not identify in-the-wild exploitation or a proof-of-concept exploit for the flaw. The current response is straightforward patching of exposed devices, with risk concentrated on management interfaces that remain unpatched and reachable.