Security & Lifecycle News

Aggregated from vendor advisories, security research, and industry publications.

2026-05-02 Cisco Security Advisories

Cisco Unity Connection Arbitrary File Download Vulnerabilities

Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To exploit these vulnerabiliti…

Cisco CVE-2026-20078 CVE-2026-20081

2026-05-02 Cisco Security Advisories

Cisco IOS XR Egress Packet Network Interface Aligner Interrupt Denial of Service Vulnerability

A vulnerability in the handling of an Egress Packet Network Interface (EPNI) Aligner interrupt in Cisco IOS XR Software for Cisco Network Convergence System (NCS) 5500 Series with …

Cisco

2026-05-02 Cisco Security Advisories

Cisco Nexus Dashboard and Nexus Dashboard Insights Server-Side Request Forgery Vulnerability

A vulnerability in Cisco Nexus Dashboard and Cisco Nexus Dashboard Insights could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack t…

Cisco CVE-2026-20041

2026-05-02 Cisco Security Advisories

Cisco IOS XE Software Lobby Ambassador Privilege Escalation Vulnerability

A vulnerability in the Lobby Ambassador web-based management API of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate their privileges and access manag…

Cisco CVE-2026-20114

2026-05-02 Cisco Security Advisories

Cisco Secure Firewall Management Center Software Remote Code Execution Vulnerability

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to execute arbitrary…

Cisco CVE-2026-20131

2026-05-02 Cisco Security Advisories

Cisco Catalyst SD-WAN Manager Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack …

Cisco CVE-2026-20108

2026-05-02 Cisco Security Advisories

Cisco IOx Application Hosting Environment Carriage Return Line Feed Injection Vulnerability

A vulnerability in the web-based Cisco IOx application hosting environment management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform …

Cisco CVE-2026-20113

2026-05-02 Cisco Security Advisories

Cisco IOS XR Software Multi-Instance Intermediate System-to-Intermediate System Denial of Service Vulnerability

A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) multi-instance routing feature of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker …

Cisco CVE-2026-20074

2026-05-02 Cisco Security Advisories

Cisco Identity Services Engine Remote Code Execution Vulnerabilities

Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of a…

Cisco CVE-2026-20180 CVE-2026-20186

2026-05-02 Cisco Security Advisories

Cisco Identity Services Engine Authenticated Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, local attacker with administrati…

Cisco CVE-2026-20136

2026-05-02 Cisco Security Advisories

Cisco Identity Services Engine Multiple Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative write privi…

Cisco CVE-2026-20132

2026-05-02 Cisco Security Advisories

Cisco Smart Software Manager On-Prem Privilege Escalation Vulnerability

A vulnerability in the web interface of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to elevate privileges on an affected system…

Cisco CVE-2026-20151

2026-05-02 Cisco Security Advisories

Cisco Identity Services Engine Remote Code Execution and Path Traversal Vulnerabilities

Multiple vulnerabilities in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker to achieve remote …

Cisco CVE-2026-20147 CVE-2026-20148

2026-05-02 Cisco Security Advisories

Cisco Integrated Management Controller Authentication Bypass Vulnerability

A vulnerability in the change password functionality of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to bypass authentication and ga…

Cisco CVE-2026-20093

2026-05-02 Cisco Security Advisories

Cisco Nexus Dashboard Configuration Backup REST API Unauthorized Access Vulnerability

A vulnerability in the configuration backup feature of Cisco Nexus Dashboard could allow an attacker who has the encryption password and access to Full or Config-only backup files …

Cisco CVE-2026-20042

2026-05-02 Cisco Security Advisories

Cisco Evolved Programmable Network Manager Improper Authorization Vulnerability

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker with low privileges to acce…

Cisco CVE-2026-20155

2026-05-02 Cisco Security Advisories

Cisco Secure Web Appliance Authentication Bypass Vulnerability

A vulnerability in the authentication service feature of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass authenticat…

Cisco CVE-2026-20152

2026-05-02 Cisco Security Advisories

Cisco IOS Software and IOS XE Software Release 3E HTTP Server Denial of Service Vulnerability

A vulnerability in the HTTP Server feature of Cisco IOS Software and Cisco IOS XE Software Release 3E could allow an authenticated, remote attacker to cause an affected device to r…

Cisco CVE-2026-20125

2026-05-02 Cisco Security Advisories

Cisco IOS, IOS XE, Secure Firewall Adaptive Security Appliance, and Secure Firewall Threat Defense Software IKEv2 Denial of Service Vulnerability

A vulnerability in the Internet Key Exchange version 2 (IKEv2) feature of Cisco IOS Software, Cisco IOS XE Software, Cisco Secure Firewall Adaptive Security Appliance (ASA) Softwar…

Cisco CVE-2026-20012

2026-05-02 Cisco Security Advisories

Cisco IOS XE Software for Catalyst 9000 Series Switches DHCP Snooping Denial of Service Vulnerability

A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause BOOTP packets to be forwarded between VLANs, resultin…

Cisco CVE-2026-20084

2026-05-02 Cisco Security Advisories

Cisco Integrated Management Controller Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow a remote attacker to conduct a cross-site scripting (XSS)…

Cisco CVE-2026-20085 CVE-2026-20087 CVE-2026-20088

2026-05-02 Cisco Security Advisories

Cisco ThousandEyes Enterprise Agent Arbitrary File Overwrite Vulnerability

A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent could allow an authenticated, local attacker with low privileges to overwrite arbitrary files on the local system …

Cisco CVE-2026-20161

2026-05-02 Cisco Security Advisories

Cisco IOS XE Software Denial of Service Vulnerability

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. This vulnerabil…

Cisco CVE-2026-20110

2026-05-02 Cisco Security Advisories

Cisco Smart Software Manager On-Prem Arbitrary Command Execution Vulnerability

A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating syst…

Cisco CVE-2026-20160

2026-05-02 Cisco Security Advisories

Cisco IOS XE Software Secure Channel for Meraki Information Disclosure Vulnerability

A vulnerability in Cisco IOS XE Software for Cisco Meraki could allow a remote, unauthenticated attacker to view confidential device information. This vulnerability is due to a dev…

Cisco Meraki CVE-2026-20115

2026-05-02 Cisco Security Advisories

Cisco IOS XE Software TLS Memory Exhaustion Denial of Service Vulnerability

A vulnerability in the TLS library of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to exhaust the available memory of an affected device. This vulnerabil…

Cisco CVE-2026-20004

2026-05-02 Cisco Security Advisories

Cisco IOS XE Software for Cisco Catalyst and Rugged Series Switches Secure Boot Bypass Vulnerability

A vulnerability in the bootloader of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches, Cisco Catalyst ESS9300 Embedded Series Switches, Cisco Catalyst IE9310 and IE932…

Cisco CVE-2026-20104

2026-05-02 Cisco Security Advisories

Cisco Catalyst SD-WAN Vulnerabilities

Multiple vulnerabilities in Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an attacker to access an affected system, elevate privileges to root, gain access to…

Cisco CVE-2026-20122 CVE-2026-20126 CVE-2026-20128

2026-05-02 Cisco Security Advisories

Cisco Unity Connection Cross-Site Scripting, Open Redirect, and SQL Injection Vulnerabilities

Multiple vulnerabilities in Cisco Unity Connection could allow a remote attacker to conduct a cross-site scripting (XSS) attack, an open redirect attack, and an SQL injection attac…

Cisco CVE-2026-20059 CVE-2026-20060 CVE-2026-20061

2026-05-02 Cisco Security Advisories

Cisco ACI Multi-Site CloudSec Encryption Information Disclosure Vulnerability

A vulnerability in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, remote attacker to re…

Cisco CVE-2023-20185