Cisco IMC password change authentication bypass (CVE-2026-20093)
Vulnerability
Summary
Hide ▲
Show ▼
Cisco released security updates for Cisco IMC/CIMC after a password-change authentication bypass was found that lets unauthenticated attackers gain Admin access on affected UCS C-Series and E-Series servers. Tracked as CVE-2026-20093, the flaw can be triggered with a crafted HTTP request against the IMC password-change path. Cisco says there are no workarounds and recommends upgrading to the fixed software as soon as possible. The company has not found in-the-wild exploitation or proof-of-concept exploit code.
Cases
Related Happenings
Palo Alto Networks GlobalProtect log search guidance for CVE-2026-0257
Advisory/Mitigation
H score35
First: 15.06.2026 09:17
Last: 15.06.2026 09:17
Sources 1
About this happening:
Palo Alto Networks is urging **GlobalProtect** customers to search logs for **successful gateway-connected events** tied to **CVE-2026-0257**, a step that can expose possible unau...
Palo Alto Networks GlobalProtect log search guidance for CVE-2026-0257
Advisory/MitigationAbout this happening: Palo Alto Networks is urging **GlobalProtect** customers to search logs for **successful gateway-connected events** tied to **CVE-2026-0257**, a step that can expose possible unau...
Check Point VPN CVE-2026-50751 targeted exploitation wave
Exploitation Wave
H score47
First: 08.06.2026 17:17
Last: 08.06.2026 17:17
Sources 1
About this happening:
**CVE-2026-50751** is an **active exploitation wave** against **Check Point Remote Access VPN** and **Mobile Access** deployments that use **deprecated IKEv1**. The flaw is an **a...
Check Point VPN CVE-2026-50751 targeted exploitation wave
Exploitation WaveAbout this happening: **CVE-2026-50751** is an **active exploitation wave** against **Check Point Remote Access VPN** and **Mobile Access** deployments that use **deprecated IKEv1**. The flaw is an **a...
Everest Forms Pro CVE-2026-3300 active exploitation wave
Exploitation Wave
H score87
First: 05.06.2026 11:38
Last: 05.06.2026 11:38
Sources 1
About this happening:
Active exploitation of **CVE-2026-3300** in **Everest Forms Pro** is driving **complete site compromise** risk for WordPress sites. Attackers have been using the flaw for arbitrar...
Everest Forms Pro CVE-2026-3300 active exploitation wave
Exploitation WaveAbout this happening: Active exploitation of **CVE-2026-3300** in **Everest Forms Pro** is driving **complete site compromise** risk for WordPress sites. Attackers have been using the flaw for arbitrar...
F5 BIG-IP APM active exploitation wave (CVE-2025-53521)
Exploitation Wave
H score79
First: 02.04.2026 11:25
Last: 02.04.2026 11:25
Sources 1
About this happening:
As of **2026-04-02**, ongoing attacks are exploiting **CVE-2025-53521** against **F5 BIG-IP APM** systems, leaving more than **14,000** exposed online and at risk of remote code e...
F5 BIG-IP APM active exploitation wave (CVE-2025-53521)
Exploitation WaveAbout this happening: As of **2026-04-02**, ongoing attacks are exploiting **CVE-2025-53521** against **F5 BIG-IP APM** systems, leaving more than **14,000** exposed online and at risk of remote code e...
Cisco hit by cyberattack
Incident
H score18
First: 31.03.2026 20:53
Last: 31.03.2026 20:53
Sources 1
About this happening:
The **Cisco** incident is a **cyberattack** on its **internal development environment** that exposed **source code** and **credentials**. Attackers used stolen credentials linked...
Cisco hit by cyberattack
IncidentAbout this happening: The **Cisco** incident is a **cyberattack** on its **internal development environment** that exposed **source code** and **credentials**. Attackers used stolen credentials linked...
Timeline
-
02.04.2026 14:01 2 articles · 3mo ago
Cisco IMC password change authentication bypass disclosed
Initial DisclosureCisco released security updates on 2026-04-02 for Cisco IMC/CIMC after finding CVE-2026-20093 in the password change functionality. An unauthenticated attacker can send a crafted HTTP request to an affected UCS C-Series or E-Series server, bypass authentication, alter user passwords including an Admin account, and gain Admin privileges on the management controller. Cisco said there are no workarounds and strongly recommended upgrading to the fixed software, while PSIRT had not found in-the-wild exploitation or proof-of-concept exploit code.
Show sources
- Critical Cisco IMC auth bypass gives attackers Admin access — www.bleepingcomputer.com — 02.04.2026 14:01
- Critical Cisco IMC auth bypass gives attackers Admin access — www.bleepingcomputer.com — 02.04.2026 14:01