Platform
cisco
Component
cisco-smart-software-manager-on-prem
Fixed in
9.0.1
CVE-2026-20160 is a critical remote code execution (RCE) vulnerability affecting Cisco Smart Software Manager On-Prem versions 9.0 through 9.10. This flaw allows an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system with root-level privileges. The vulnerability stems from the unintentional exposure of an internal service, making it a high-priority security concern. A patch is available from Cisco.
The impact of CVE-2026-20160 is severe. Successful exploitation grants an attacker complete control over the affected Cisco Smart Software Manager On-Prem host. This includes the ability to install malware, steal sensitive data, modify system configurations, and potentially pivot to other systems on the network. Given the root-level privileges, the blast radius extends to the entire underlying operating system and any connected resources. This vulnerability shares similarities with other API exposure flaws where attackers leverage unintentional service accessibility to gain unauthorized control, potentially leading to widespread compromise.
CVE-2026-20160 is currently not listed on the CISA KEV catalog, and its EPSS score is pending evaluation. No public proof-of-concept (PoC) code is available yet, but the vulnerability's severity and ease of exploitation suggest it could become a target for attackers. The vulnerability was publicly disclosed on 2026-04-01.
Exploit Status
EPSS
0.23% (46th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-20160 is to upgrade to a patched version of Cisco Smart Software Manager On-Prem as soon as possible. Cisco has released a fix, and applying it is the most effective way to eliminate the vulnerability. If immediate patching is not feasible, consider implementing temporary workarounds such as restricting network access to the SSM On-Prem service using firewalls or access control lists. Monitor network traffic for suspicious API requests targeting the exposed service. After upgrading, confirm the vulnerability is resolved by attempting to trigger the API endpoint with a crafted request and verifying that it is no longer exploitable.
Update Cisco Smart Software Manager On-Prem to an unaffected version. See the Cisco advisory for more details and specific upgrade instructions.
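The interim mitigations above are to restrict network access to the SSM On-Prem service and to monitor for requests reaching it from unexpected sources. The following script is an added example, not code from Cisco or from this advisory: it scans web-server access-log lines for requests to the SSM On-Prem host that originate outside a management allowlist, which is one concrete way to implement the "monitor network traffic" recommendation. The allowlist networks, the log lines and the request paths are all constructed for the example; the advisory does not name the exposed service's endpoints, so no real SSM On-Prem paths are assumed.

```python
import ipaddress
import re
from collections import Counter

# Hypothetical management networks allowed to reach SSM On-Prem (constructed, not from the advisory).
MANAGEMENT_ALLOWLIST = [
    ipaddress.ip_network("10.20.0.0/24"),
    ipaddress.ip_network("192.168.100.5/32"),
]

# Constructed sample access-log lines in combined-log style. The request paths are
# placeholders; they are not real SSM On-Prem endpoints.
SAMPLE_LOG = """\
10.20.0.15 - - [01/Apr/2026:10:01:02 +0000] "GET /api/example/status HTTP/1.1" 200 512
203.0.113.7 - - [01/Apr/2026:10:01:09 +0000] "POST /api/example/status HTTP/1.1" 200 87
192.168.100.5 - - [01/Apr/2026:10:02:11 +0000] "GET /index.html HTTP/1.1" 200 1024
198.51.100.23 - - [01/Apr/2026:10:03:45 +0000] "POST /api/example/status HTTP/1.1" 500 0
this line is malformed and must be skipped
"""

# Source address, timestamp, method, path and status from a combined-log line.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Return a dict of fields for a well-formed line, or None for anything else."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    try:
        rec["src"] = ipaddress.ip_address(rec["src"])
    except ValueError:
        # A hostname or garbage in the source field is not a parseable record.
        return None
    rec["status"] = int(rec["status"])
    return rec


def is_allowed(src, allowlist):
    """True when the source address falls inside one of the allowlisted networks."""
    return any(src in net for net in allowlist)


def find_unexpected_requests(lines, allowlist):
    """Return parsed records for requests whose source is outside the allowlist.

    Malformed lines are skipped rather than treated as findings, so a noisy log
    does not inflate the result.
    """
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if not is_allowed(rec["src"], allowlist):
            findings.append(rec)
    return findings


def summarize_sources(findings):
    """Count findings per source address (as strings) for a quick triage view."""
    return Counter(str(rec["src"]) for rec in findings)


if __name__ == "__main__":
    hits = find_unexpected_requests(SAMPLE_LOG.splitlines(), MANAGEMENT_ALLOWLIST)
    for rec in hits:
        print(f'{rec["ts"]} {rec["src"]} {rec["method"]} {rec["path"]} -> {rec["status"]}')
    print("per-source counts:", dict(summarize_sources(hits)))
```

Run it against the real access log of the host fronting SSM On-Prem (for example by replacing `SAMPLE_LOG.splitlines()` with the lines of that file) and populate `MANAGEMENT_ALLOWLIST` with the networks the firewall or ACL workaround is supposed to permit. Any finding means the network restriction is not being enforced as intended and deserves investigation, independent of whether the request itself looked malicious.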
CVE-2026-20160 is a critical remote code execution vulnerability in Cisco Smart Software Manager On-Prem, allowing attackers to execute commands with root privileges.
You are affected if you are running Cisco Smart Software Manager On-Prem versions 9.0 to 9.10 and have not applied the available patch.
Upgrade to a patched version of Cisco Smart Software Manager On-Prem as soon as possible. If patching is not immediately possible, restrict network access to the exposed service.
While no active exploitation has been confirmed, the vulnerability's severity and ease of exploitation suggest it could become a target for attackers.
Refer to the official Cisco Security Advisory for detailed information and mitigation steps: https://sec.cisco.com/ciscoSecurity/center/content/CiscoSecurityAdvisory/cisco-sa-ssm-rce-20260401