Security & Lifecycle News

2026-06-17 Cisco Security Advisories

Cisco Crosswork Network Controller Server-Side Template Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Crosswork Network Controller could allow an authenticated, remote attacker to execute arbitrary commands on an affect…

Cisco CVE-2026-20220

X in @

2026-06-17 Cisco Security Advisories

Cisco Umbrella Virtual Appliance Privilege Escalation Vulnerability

A vulnerability in the vmadmin CLI of Cisco Umbrella Virtual Appliance could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability …

Cisco CVE-2026-20246

X in @

2026-06-17 Cisco Security Advisories

Cisco Identity Services Engine Remote Code Execution and Information Disclosure Vulnerabilities

Multiple vulnerabilities in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow a remote attacker to achieve remote code execution o…

Cisco CVE-2026-20181 CVE-2026-20190

X in @

2026-06-17 Cisco Security Advisories

Cisco Webex App Open Redirect Vulnerability

A vulnerability in the browser-based version of Cisco Webex App could have allowed an unauthenticated, remote attacker to redirect users to a malicious webpage. Cisco has addressed…

Cisco CVE-2026-20178

X in @

2026-06-16 Cisco Security Advisories

Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability

A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalys…

Cisco CVE-2026-20127

X in @

2026-06-15 Cisco Security Advisories

Cisco Catalyst SD-WAN Manager Arbitrary File Write Vulnerability

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the…

Cisco CVE-2026-20262

X in @

2026-06-04 Cisco Security Advisories

Cisco Catalyst SD-WAN Controller, Catalyst SD-WAN Manager, and Catalyst SD-WAN Validator Authenticated Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator,…

Cisco CVE-2026-20127 CVE-2026-20182

X in @

2026-06-03 Cisco Security Advisories

Cisco Webex Meetings Cross-Site Scripting Vulnerability

A vulnerability in the web-based user interface of Cisco Webex Meetings could have allowed an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Cisco…

Cisco CVE-2026-20233

X in @

2026-06-03 Cisco Security Advisories

Cisco Unified Communications Manager Server-Side Request Forgery Vulnerability

A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthentic…

Cisco CVE-2026-20230

X in @

2026-06-03 Cisco Security Advisories

Cisco Finesse Remote File Inclusion Vulnerability

A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to load arbitrary files from remote locations into an active user session on an affected device, po…

Cisco CVE-2026-20175

X in @

2026-05-20 Cisco Security Advisories

Cisco Secure Workload Unauthorized API Access Vulnerability

A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload could allow an unauthenticated, remote attacker to access site resources with the privileges…

Cisco CVE-2026-20223

X in @

2026-05-20 Cisco Security Advisories

Cisco Nexus 3000 and 9000 Series Switches Border Gateway Protocol Denial of Service Vulnerability

A vulnerability in the Border Gateway Protocol (BGP) enforce-first-as feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode coul…

Cisco CVE-2026-20171

X in @

2026-05-20 Cisco Security Advisories

Cisco ThousandEyes Enterprise Agent BrowserBot Command Injection Vulnerability

A vulnerability in the BrowserBot component of Cisco ThousandEyes Enterprise Agent could have allowed an authenticated, remote attacker to execute arbitrary commands on Agents on b…

Cisco CVE-2026-20206

X in @

2026-05-20 Cisco Security Advisories

Cisco ThousandEyes Virtual Appliance Authenticated Remote Code Execution Vulnerability

A vulnerability in the SSL certificate handling of Cisco ThousandEyes Virtual Appliance could allow an authenticated, remote attacker to execute commands on the underlying operatin…

Cisco CVE-2026-20199

X in @

2026-05-14 Cisco Security Advisories

Cisco Catalyst SD-WAN Manager Vulnerabilities

Multiple vulnerabilities in Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow a remote attacker to gain access to sensitive information, elevate privileges, or ga…

Cisco CVE-2026-20209 CVE-2026-20210 CVE-2026-20224

X in @

2026-05-14 Cisco Security Advisories

Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability

May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the Cisco Catalyst SD-WAN Controller Authenticatio…

Cisco

X in @

2026-05-06 Cisco Security Advisories

Cisco IoT Field Network Director Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco IoT Field Network Director Software could allow an authenticated, remote attacker to access files, execute c…

Cisco CVE-2026-20167 CVE-2026-20168 CVE-2026-20169

X in @

2026-05-06 Cisco Security Advisories

Cisco Slido Insecure Direct Object Reference Vulnerability

A vulnerability in the REST API of Cisco Slido could have allowed an authenticated, remote attacker to access the social profile data of other users or affect quiz and poll results…

Cisco CVE-2026-20219

X in @

2026-05-06 Cisco Security Advisories

Cisco Prime Infrastructure Information Disclosure Vulnerability

A vulnerability in the log file download functionality of Cisco Prime Infrastructure could allow an authenticated, remote attacker to download arbitrary log files from the server. …

Cisco CVE-2026-20189

X in @

2026-05-06 Cisco Security Advisories

Cisco SG350 and SG350X Series Managed Switches SNMP Denial of Service Vulnerability

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco 350 Series Managed Switches (SG350) and Cisco 350X Series Stackable Managed Switches (SG350X) fi…

Cisco CVE-2026-20185

X in @

2026-05-06 Cisco Security Advisories

Cisco Enterprise Chat and Email Lite Agent File Upload Vulnerability

A vulnerability in the Lite Agent feature of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct browser-based attacks. To exploit this v…

Cisco CVE-2026-20172

X in @

2026-05-06 Cisco Security Advisories

Cisco Crosswork Network Controller and Cisco Network Services Orchestrator Advisory

Following the initial publication of the Security Advisory about a denial of service (DoS) condition in Cisco Crosswork Network Controller and Cisco Network Services Orchestrator (…

Cisco CVE-2026-20188

X in @

2026-05-06 Cisco Security Advisories

Cisco Identity Services Engine Authentication Bypass Vulnerabilities

Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow a remote attacker to bypass authorization mechanisms or examine error messages to gain access to sensit…

Cisco CVE-2026-20193 CVE-2026-20195

X in @

2026-05-06 Cisco Security Advisories

Cisco Unity Connection Remote Code Execution and Server-Side Request Forgery Vulnerabilities

Multiple vulnerabilities in Cisco Unity Connection could allow a remote attacker to execute arbitrary code on or conduct server-side request forgery (SSRF) attacks through an affec…

Cisco CVE-2026-20034 CVE-2026-20035

X in @

2026-05-05 Cisco Security Advisories

Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting…

Cisco CVE-2025-20204 CVE-2025-20205

X in @

2026-05-02 Cisco Security Advisories

Cisco Unity Connection Arbitrary File Download Vulnerabilities

Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To exploit these vulnerabiliti…

Cisco CVE-2026-20078 CVE-2026-20081

X in @

2026-05-02 Cisco Security Advisories

Cisco Identity Services Engine Authenticated Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, local attacker with administrati…

Cisco CVE-2026-20136

X in @

2026-05-02 Cisco Security Advisories

Cisco IOx Application Hosting Environment Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based Cisco IOx application hosting environment management interface of Cisco IOS XE Software could allow an authenticated, remote attacker to conduct a …

Cisco CVE-2026-20112

X in @

2026-05-02 Cisco Security Advisories

Cisco Smart Software Manager On-Prem Privilege Escalation Vulnerability

A vulnerability in the web interface of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to elevate privileges on an affected system…

Cisco CVE-2026-20151

X in @

2026-05-02 Cisco Security Advisories

Cisco Secure Firewall Adaptive Security Appliance Software SSH Partial Private Key Authentication Bypass Vulnerability

A vulnerability in the implementation of the proprietary SSH stack with SSH key-based authentication in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software could allow…

Cisco CVE-2026-20009

X in @