CVE-2026-20151

🗓️ 01 Apr 2026 16:29:13Reported by ciscoType

Authenticated attacker can elevate a user to admin in Cisco Smart Software Manager On-Prem via web interface due to insecure session credentials.

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2026-20151	1 Apr 202617:00	–	circl
Cisco	Cisco Smart Software Manager On-Prem Privilege Escalation Vulnerability	1 Apr 202616:00	–	cisco
CNNVD	Cisco Smart Software Manager On-Prem 安全漏洞	1 Apr 202600:00	–	cnnvd
Cvelist	CVE-2026-20151 Cisco Smart Software Manager On-Prem Privilege Escalation Vulnerability	1 Apr 202616:29	–	cvelist
EUVD	EUVD-2026-17954	1 Apr 202618:36	–	euvd
NVD	CVE-2026-20151	1 Apr 202617:28	–	nvd
Positive Technologies	PT-2026-29561	1 Apr 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-20151	2 Apr 202616:56	–	redhatcve
Vulnrichment	CVE-2026-20151 Cisco Smart Software Manager On-Prem Privilege Escalation Vulnerability	1 Apr 202616:29	–	vulnrichment

[
  {
    "vendor": "Cisco",
    "product": "Cisco Smart Software Manager On-Prem",
    "versions": [
      {
        "version": "7-202001",
        "status": "affected"
      },
      {
        "version": "8-202004",
        "status": "affected"
      },
      {
        "version": "8-202006",
        "status": "affected"
      },
      {
        "version": "8-202012",
        "status": "affected"
      },
      {
        "version": "8-202010",
        "status": "affected"
      },
      {
        "version": "8-202008",
        "status": "affected"
      },
      {
        "version": "9-202201",
        "status": "affected"
      },
      {
        "version": "8-202102",
        "status": "affected"
      },
      {
        "version": "8-202105",
        "status": "affected"
      },
      {
        "version": "8-202108",
        "status": "affected"
      },
      {
        "version": "8-202112",
        "status": "affected"
      },
      {
        "version": "8-202201",
        "status": "affected"
      },
      {
        "version": "8-202206",
        "status": "affected"
      },
      {
        "version": "8-202212",
        "status": "affected"
      },
      {
        "version": "8-202302",
        "status": "affected"
      },
      {
        "version": "8-202303",
        "status": "affected"
      },
      {
        "version": "8-202304",
        "status": "affected"
      },
      {
        "version": "8-202308",
        "status": "affected"
      },
      {
        "version": "8-202401",
        "status": "affected"
      },
      {
        "version": "8-202404",
        "status": "affected"
      },
      {
        "version": "9-202406",
        "status": "affected"
      },
      {
        "version": "9-202407",
        "status": "affected"
      },
      {
        "version": "9-202410",
        "status": "affected"
      },
      {
        "version": "9-202412",
        "status": "affected"
      },
      {
        "version": "9-202501",
        "status": "affected"
      },
      {
        "version": "9-202502",
        "status": "affected"
      },
      {
        "version": "9-202504",
        "status": "affected"
      },
      {
        "version": "9-202507",
        "status": "affected"
      },
      {
        "version": "9-202510",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]

Source	Link
sec	www.sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-priv-esc-xRAnOuO8

03 Apr 2026 16:11Current

6Medium risk

Vulners AI Score6

CVSS 3.17.3

EPSS0.00046

SSVC

CWE-201