A vulnerability in the CLI and web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker with valid administrative privileges to execute arbitrary commands on the underlying operating system of an affected device.
This vulnerability is due to insufficient input validation of command arguments that are supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system of an affected device with root-level privileges.
Metrics
Affected Vendors & Products
No data.
No data.
No data.
No data.
References
History
Wed, 25 Feb 2026 16:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A vulnerability in the CLI and web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker with valid administrative privileges to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient input validation of command arguments that are supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system of an affected device with root-level privileges. | |
| Title | Cisco UCS Manager Software Command Injection Vulnerability | |
| Weaknesses | CWE-78 | |
| References |
| |
| Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: cisco
Published:
Updated: 2026-02-25T18:11:13.534Z
Reserved: 2025-10-08T11:59:15.353Z
Link: CVE-2026-20036
Vulnrichment
No data.
NVD
Status : Received
Published: 2026-02-25T17:25:24.833
Modified: 2026-02-25T17:25:24.833
Link: CVE-2026-20036
Redhat
No data.
OpenCVE Enrichment
No data.