What products are hit by Cisco CVE-2026-20093?

ENCS 5000 Series, Catalyst 8300, UCS C-M5/M6 standalone, UCS E-M3/M6. Patch to listed versions stat.

How do you fix Cisco SSM On-Prem CVE-2026-20160?

Upgrade to version 9-202601. No workaround — exposed API demands it.

Are these Cisco flaws being exploited in attacks?

Not in the wild yet, per Cisco. But 9.8 scores and remote unauth? Prime targets for script kiddies and APTs alike.

Cisco's 9.8 Flaws Hand Attackers Server Keys and Root Access

Cisco dropped fixes for a pair of max-danger 9.8 CVSS holes — one lets attackers rewrite admin passwords remotely, the other cracks open root shells on SSM. No exploits yet, but history screams 'patch now.'

Threat Digest Apr 03, 2026 4 min read 12 views

Cisco UCS rack servers with exposed IMC vulnerability warning overlay

⚡ Key Takeaways

Two 9.8 CVSS flaws in Cisco IMC and SSM allow remote unauth access to elevated privileges and root shells. 𝕏
Affected: UCS racks, ENCS, Catalyst 8300, SSM On-Prem — patch lists provided, no workarounds. 𝕏
IMC's legacy password handling signals deeper architecture drag from 2010s designs into modern edge. 𝕏

Published by

Threat Digest

Threat intelligence. Zero noise.

#CVE-2026-20093 #CVE-2026-20160 #Cisco vulnerability #IMC flaw #SSM On-Prem #SSM On-Prem RCE #UCS servers

Worth sharing?

Get the best Cybersecurity stories of the week in your inbox — no noise, no spam.

Originally reported by The Hacker News

⚡ Key Takeaways

The 60-Second TL;DR

Threat Digest

Share this article

Worth sharing?

Related Stories

Cisco's Exposed APIs: Root Access via One Bad Request in SSM On-Prem

Cisco IMC's Password Change Flaw Hands Attackers the Keys to Your Servers

Iran's April 1 Deadline Puts Apple, Google in Crosshairs

Chrome's Fifth Zero-Day Patch: Google Races Against Relentless Exploits

Stay in the loop