By Zeljka Zorz
Publication Date: 2026-04-03 12:59:00
Cisco has fixed ten vulnerabilities affecting its Integrated Management Controller (IMC), the most critical of which (CVE-2026-20093) could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system as Admin.
Cisco IMC riddled with vulnerabilities
Cisco Integrated Management Controller is a built-in hardware management system used in Cisco servers.
It allows administrators to remotely control, monitor, and troubleshoot a server, even if the operating system isn’t running. (That’s because Cisco IMC is powered by a Baseboard Management Controller inside the server, which runs its own firmware and has its own IP address.)
Nine out of the ten vulnerabilities affect the IMC’s web-based management interface:
- CVE-2026-20085 and CVE-2026-20087 to CVE-2026-20090 are cross-site scripting (XSS) flaws that stem from insufficient validation of user input. They could lead to disclosure of sensitive information or arbitrary script code…