Cisco IMC password change authentication bypass (CVE-2026-20093)

Type: Vulnerability
H score: 60
1 unique source, 1 article

Summary

Cisco released security updates for Cisco IMC/CIMC after a password-change authentication bypass was found that lets unauthenticated attackers gain Admin access on affected UCS C-Series and E-Series servers. Tracked as CVE-2026-20093, the flaw can be triggered with a crafted HTTP request against the IMC password-change path. Cisco says there are no workarounds and recommends upgrading to the fixed software as soon as possible. The company has not found in-the-wild exploitation or proof-of-concept exploit code.

Related Happenings

F5 BIG-IP APM active exploitation wave (CVE-2025-53521)

Exploitation Wave
First: 02.04.2026 11:25 Last: 02.04.2026 11:25 Sources 1

About this happening: As of **2026-04-02**, ongoing attacks are exploiting **CVE-2025-53521** against **F5 BIG-IP APM** systems, leaving more than **14,000** exposed online and at risk of remote code e...

Cisco hit by cyberattack

Incident
First: 31.03.2026 20:53 Last: 31.03.2026 20:53 Sources 1

About this happening: The **Cisco** incident is a **cyberattack** on its **internal development environment** that exposed **source code** and **credentials**. Attackers used stolen credentials linked...

CISA urgent mitigation order for Cisco FMC CVE-2026-20131

Advisory/Mitigation
First: 23.03.2026 12:30 Last: 23.03.2026 12:30 Sources 1

About this happening: **CISA** ordered **federal civilian agencies** to patch **CVE-2026-20131** in **Cisco Secure Firewall Management Center (FMC)** within **three days** or discontinue use if mitigat...

Interlock Cisco Secure Firewall Management Center zero-day exploitation wave

Exploitation Wave
First: 18.03.2026 18:53 Last: 18.03.2026 18:53 Sources 1

About this happening: A **zero-day exploitation wave** tied to **Interlock** has been hitting **Cisco Secure Firewall Management Center (FMC)**, putting **enterprise firewalls** at risk before patching...

Cisco Catalyst SD-WAN active exploitation wave

Exploitation Wave
First: 05.03.2026 14:15 Last: 05.03.2026 14:15 Sources 1

About this happening: **Cisco** confirmed **active exploitation** of **two recently patched Catalyst SD-WAN vulnerabilities**, creating immediate risk for exposed systems that have not been fully remed...

Timeline

  1. 02.04.2026 14:01 2 articles · 1mo ago

    Cisco IMC password change authentication bypass disclosed

    Initial Disclosure

    Cisco released security updates on 2026-04-02 for Cisco IMC/CIMC after finding CVE-2026-20093 in the password change functionality. An unauthenticated attacker can send a crafted HTTP request to an affected UCS C-Series or E-Series server, bypass authentication, alter user passwords including an Admin account, and gain Admin privileges on the management controller. Cisco said there are no workarounds and strongly recommended upgrading to the fixed software, while PSIRT had not found in-the-wild exploitation or proof-of-concept exploit code.