6.5

Cisco UCS Manager Software Allows Malicious Admins to Run Any Command

CVE-2026-20036
Summary

A flaw in Cisco UCS Manager lets an attacker who already has admin access run any command on the device's underlying operating system, potentially causing damage. This is a serious issue because the injected commands run with root-level privileges, so an attacker can do significant harm. Cisco has not yet released a fix, but users should be cautious and consider using alternative management interfaces or waiting for a patch.

Original title
A vulnerability in the CLI and web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker with valid administrative privileges to execute arbitrary c...
Original description
A vulnerability in the CLI and web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker with valid administrative privileges to execute arbitrary commands on the underlying operating system of an affected device. 
 
This vulnerability is due to insufficient input validation of command arguments that are supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system of an affected device with root-level privileges.
NVD CVSS 3.1: 6.5
Vulnerability type
CWE-78 OS Command Injection
Published: 25 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026
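
The input-validation failure described above (CWE-78), shown as an added example that is not code from Cisco or from this page. It is a hypothetical diagnostic handler in its vulnerable form beside a hardened one. The handler names, the allowlist pattern, the use of `echo` as a stand-in for a helper that the management plane runs as root, and the argument values are all assumptions constructed for illustration; the page does not name the affected command.

```python
import re
import subprocess

# Hypothetical handler: the page does not name the affected command.
# `echo` stands in for a helper binary that the management plane runs as root.

# Allowlist for the argument: a hostname or address-like token. It must start
# with an alphanumeric character so it can never be parsed as an option ("-x").
TARGET_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]{0,252}")


def run_diag_vulnerable(target: str) -> str:
    """CWE-78 pattern: the user argument is spliced into a shell command line,
    so shell metacharacters in it are interpreted instead of treated as data."""
    result = subprocess.run(f"echo diag {target}", shell=True,
                            capture_output=True, text=True)
    return result.stdout


def run_diag_hardened(target: str) -> str:
    """Validate against the allowlist, then pass an argv list with no shell,
    so the argument reaches the helper as exactly one literal parameter."""
    if not TARGET_RE.fullmatch(target):  # fullmatch also rejects embedded newlines
        raise ValueError(f"rejected target argument: {target!r}")
    result = subprocess.run(["echo", "diag", target],
                            capture_output=True, text=True, check=True)
    return result.stdout


if __name__ == "__main__":
    crafted = "host1; echo INJECTED"  # constructed sample input
    print("vulnerable:", run_diag_vulnerable(crafted).splitlines())
    print("hardened (valid):", run_diag_hardened("host1").splitlines())
    try:
        run_diag_hardened(crafted)
    except ValueError as exc:
        print("hardened (crafted):", exc)
```

Rejected arguments are worth logging with the authenticated account name, since here the attacker is by definition a valid administrator and the rejection may be the only signal.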