Security & Lifecycle News

2026-05-02 Cisco Security Advisories

Cisco IOx Application Hosting Environment Carriage Return Line Feed Injection Vulnerability

A vulnerability in the web-based Cisco IOx application hosting environment management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform …

Cisco CVE-2026-20113

X in @

2026-05-02 Cisco Security Advisories

Cisco Unity Connection Cross-Site Scripting, Open Redirect, and SQL Injection Vulnerabilities

Multiple vulnerabilities in Cisco Unity Connection could allow a remote attacker to conduct a cross-site scripting (XSS) attack, an open redirect attack, and an SQL injection attac…

Cisco CVE-2026-20059 CVE-2026-20060 CVE-2026-20061

X in @

2026-05-02 Cisco Security Advisories

Cisco IOS Software and IOS XE Software Release 3E HTTP Server Denial of Service Vulnerability

A vulnerability in the HTTP Server feature of Cisco IOS Software and Cisco IOS XE Software Release 3E could allow an authenticated, remote attacker to cause an affected device to r…

Cisco CVE-2026-20125

X in @

2026-05-02 Cisco Security Advisories

Cisco IOS XE Software Lobby Ambassador Privilege Escalation Vulnerability

A vulnerability in the Lobby Ambassador web-based management API of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate their privileges and access manag…

Cisco CVE-2026-20114

X in @

2026-05-02 Cisco Security Advisories

Cisco IOS XR Software Multi-Instance Intermediate System-to-Intermediate System Denial of Service Vulnerability

A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) multi-instance routing feature of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker …

Cisco CVE-2026-20074

X in @

2026-05-02 Cisco Security Advisories

Cisco IOS, IOS XE, Secure Firewall Adaptive Security Appliance, and Secure Firewall Threat Defense Software IKEv2 Denial of Service Vulnerability

A vulnerability in the Internet Key Exchange version 2 (IKEv2) feature of Cisco IOS Software, Cisco IOS XE Software, Cisco Secure Firewall Adaptive Security Appliance (ASA) Softwar…

Cisco CVE-2026-20012

X in @

2026-05-02 Cisco Security Advisories

Cisco Secure Firewall Management Center Software SQL Injection Vulnerabilities

Multiple vulnerabilities in the web-based management interface and REST API of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker …

Cisco CVE-2026-20001 CVE-2026-20002 CVE-2026-20003

X in @

2026-05-02 Cisco Security Advisories

Cisco Nexus Dashboard and Nexus Dashboard Insights Server-Side Request Forgery Vulnerability

A vulnerability in Cisco Nexus Dashboard and Cisco Nexus Dashboard Insights could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack t…

Cisco CVE-2026-20041

X in @

2026-05-02 Cisco Security Advisories

Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Remote Access SSL VPN Denial of Service Vulnerabilities

Multiple vulnerabilities in the Remote Access SSL VPN functionality of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FT…

Cisco CVE-2026-20100 CVE-2026-20101 CVE-2026-20103

X in @

2026-05-02 Cisco Security Advisories

Cisco IOS XE Software for Catalyst 9000 Series Switches DHCP Snooping Denial of Service Vulnerability

A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause BOOTP packets to be forwarded between VLANs, resultin…

Cisco CVE-2026-20084

X in @

2026-05-02 Cisco Security Advisories

Cisco Secure Firewall Adaptive Security Appliance Software SSH Partial Private Key Authentication Bypass Vulnerability

A vulnerability in the implementation of the proprietary SSH stack with SSH key-based authentication in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software could allow…

Cisco CVE-2026-20009

X in @

2026-05-02 Cisco Security Advisories

Cisco Integrated Management Controller Authentication Bypass Vulnerability

A vulnerability in the change password functionality of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to bypass authentication and ga…

Cisco CVE-2026-20093

X in @

2026-05-02 Cisco Security Advisories

Cisco Adaptive Security Appliance and Firepower Threat Defense Software Command Injection Vulnerability

A vulnerability in the Cisco Adaptive Security Appliance (ASA) restore functionality that is available in Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software could…

Cisco CVE-2024-20358

X in @

2026-05-02 Cisco Security Advisories

Cisco Secure Web Appliance Authentication Bypass Vulnerability

A vulnerability in the authentication service feature of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass authenticat…

Cisco CVE-2026-20152

X in @

2026-05-02 Cisco Security Advisories

Cisco Identity Services Engine Multiple Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative write privi…

Cisco CVE-2026-20132

X in @

2026-05-02 Cisco Security Advisories

Cisco Secure Firewall Management Center Software Authentication Bypass Vulnerability

A vulnerability in the web interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass authentication and execute …

Cisco CVE-2026-20079

X in @

2026-05-02 Cisco Security Advisories

Cisco Catalyst SD-WAN Vulnerabilities

Multiple vulnerabilities in Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an attacker to access an affected system, elevate privileges to root, gain access to…

Cisco CVE-2026-20122 CVE-2026-20126 CVE-2026-20128

X in @

2026-05-02 Cisco Security Advisories

Cisco IOS XE Software Denial of Service Vulnerability

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. This vulnerabil…

Cisco CVE-2026-20110

X in @

2026-05-02 Cisco Security Advisories

Cisco ThousandEyes Enterprise Agent Arbitrary File Overwrite Vulnerability

A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent could allow an authenticated, local attacker with low privileges to overwrite arbitrary files on the local system …

Cisco CVE-2026-20161

X in @

2026-05-02 Cisco Security Advisories

Cisco IOx Application Hosting Environment Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based Cisco IOx application hosting environment management interface of Cisco IOS XE Software could allow an authenticated, remote attacker to conduct a …

Cisco CVE-2026-20112

X in @

2026-05-02 Cisco Security Advisories

Cisco IOS XR Software CLI Privilege Escalation Vulnerabilities

Multiple vulnerabilities in Cisco IOS XR Software could allow an authenticated, local attacker to execute commands as root on an underlying operating system or gain full administra…

Cisco CVE-2026-20040 CVE-2026-20046

X in @

2026-05-02 Cisco Security Advisories

Multiple Cisco Products Snort 3 Denial of Service Vulnerabilities

Multiple Cisco products are affected by vulnerabilities in the Snort 3 Detection Engine that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine t…

Cisco CVE-2026-20005 CVE-2026-20065 CVE-2026-20066

X in @

2026-05-02 Cisco Security Advisories

Cisco Webex Services Cross-Site Scripting Vulnerability

A vulnerability in Cisco Webex could have allowed an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Cisco has addressed this vulnerability, and no…

Cisco CVE-2026-20149

X in @

2026-05-02 Cisco Security Advisories

Cisco Nexus Dashboard Fabric Controller Arbitrary Command Execution Vulnerability

A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to perform a command inje…

Cisco CVE-2024-20432

X in @

2026-05-02 Cisco Security Advisories

Continued Evolution of Persistence Mechanism Against Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense

On April 23, 2026, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an update to V1: Emergency Directive (ED) 25-03: Identify and Mitigate Potential Compromi…

Cisco CVE-2025-20333 CVE-2025-20362

X in @

2026-05-02 Cisco Security Advisories

Cisco Webex Contact Center Cross-Site Scripting Vulnerability

A vulnerability in the Desktop Agent functionality of Cisco Webex Contact Center could have allowed an unauthenticated, remote attacker to conduct cross-site scripting attacks. Cis…

Cisco CVE-2026-20170

X in @

2026-05-02 Cisco Security Advisories

Cisco IOS XE Wireless Controller Software for the Catalyst CW9800 Family CAPWAP Denial of Service Vulnerability

A vulnerability in the processing of Control and Provisioning of Wireless Access Points (CAPWAP) packets of Cisco IOS XE Wireless Controller Software for the Catalyst CW9800 Family…

Cisco CVE-2026-20086

X in @

2026-05-02 Cisco Security Advisories

Cisco Identity Services Engine Remote Code Execution and Path Traversal Vulnerabilities

Multiple vulnerabilities in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker to achieve remote …

Cisco CVE-2026-20147 CVE-2026-20148

X in @

2026-05-02 Cisco Security Advisories

Cisco Webex Services Certificate Validation Vulnerability

A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services could have allowed an unauthenticated, remote attacker to impersonate any user w…

Cisco CVE-2026-20184

X in @

2026-05-02 Cisco Security Advisories

Cisco IOS XE Software Secure Copy Protocol Server Denial of Service Vulnerability

A vulnerability in the Secure Copy Protocol (SCP) server feature of Cisco IOS XE Software could allow an authenticated, local attacker with low privileges to cause a denial of serv…

Cisco CVE-2026-20083

X in @