Critical Cisco IMC Vulnerability Let Attackers Bypass Authentication

Critical Cisco IMC Vulnerability Let Attackers Bypass Authentication

By Abinaya
Publication Date: 2026-04-02 07:26:00

Cisco has recently disclosed a critical security flaw affecting its Integrated Management Controller (IMC), prompting the release of urgent software updates.

The vulnerability, officially tracked as CVE-2026-20093, has been assigned a critical Base CVSS score of 9.8, indicating the highest level of severity.

This security weakness is located in the password change functionality of the Cisco IMC software. The core issue stems from the system’s incorrect processing of incoming password change requests.

By exploiting this flaw, a remote, unauthenticated attacker can send a maliciously crafted HTTP request directly to an affected device.

If the exploit is successful, the attacker can completely bypass standard authentication checks. Once authentication is bypassed, the attacker can modify the passwords of any existing user on the system.

This includes the primary Admin account, which essentially allows the attacker to hijack the system and…