CVE-2026-20123 Cisco Prime Infrastructure and Evolved Programmable Network Manager Open Redirect Vulnerability

🗓️ 04 Feb 2026 16:11:56Reported by ciscoType

Unauthenticated attacker can trigger open redirect in Cisco Evolved Programmable Network Manager and Prime Infrastructure via HTTP parameter validation flaw.

Reporter	Title	Published	Views	Family All 9
ATTACKERKB	CVE-2026-20123	4 Feb 202616:11	–	attackerkb
Cisco	Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Open Redirect Vulnerability	4 Feb 202616:00	–	cisco
CNNVD	Cisco Evolved Programmable Network Manager和Cisco Prime Infrastructure 输入验证错误漏洞	4 Feb 202600:00	–	cnnvd
CVE	CVE-2026-20123	4 Feb 202616:11	–	cve
EUVD	EUVD-2026-5424	4 Feb 202616:11	–	euvd
NVD	CVE-2026-20123	4 Feb 202617:16	–	nvd
Positive Technologies	PT-2026-6083	4 Feb 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-20123	5 Feb 202619:23	–	redhatcve
Vulnrichment	CVE-2026-20123 Cisco Prime Infrastructure and Evolved Programmable Network Manager Open Redirect Vulnerability	4 Feb 202616:11	–	vulnrichment

[
  {
    "vendor": "Cisco",
    "product": "Cisco Evolved Programmable Network Manager (EPNM)",
    "versions": [
      {
        "version": "7.1.1",
        "status": "affected"
      },
      {
        "version": "7.1.2.1",
        "status": "affected"
      },
      {
        "version": "7.1.3",
        "status": "affected"
      },
      {
        "version": "7.1.2",
        "status": "affected"
      },
      {
        "version": "7.1.0",
        "status": "affected"
      },
      {
        "version": "8.0.0",
        "status": "affected"
      },
      {
        "version": "8.0.0.1",
        "status": "affected"
      },
      {
        "version": "7.1.3.1",
        "status": "affected"
      },
      {
        "version": "7.1.4",
        "status": "affected"
      },
      {
        "version": "8.1.0",
        "status": "affected"
      },
      {
        "version": "8.0.1",
        "status": "affected"
      },
      {
        "version": "7.1.4.1",
        "status": "affected"
      },
      {
        "version": "8.0.1.1",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Cisco",
    "product": "Cisco Prime Infrastructure",
    "versions": [
      {
        "version": "3.10.0",
        "status": "affected"
      },
      {
        "version": "3.10.2",
        "status": "affected"
      },
      {
        "version": "3.10.3",
        "status": "affected"
      },
      {
        "version": "3.10",
        "status": "affected"
      },
      {
        "version": "3.10.1",
        "status": "affected"
      },
      {
        "version": "3.10 Update 01",
        "status": "affected"
      },
      {
        "version": "3.10.4",
        "status": "affected"
      },
      {
        "version": "3.10.4 Update 01",
        "status": "affected"
      },
      {
        "version": "3.10.4 Update 02",
        "status": "affected"
      },
      {
        "version": "3.10.4 Update 03",
        "status": "affected"
      },
      {
        "version": "3.10.5",
        "status": "affected"
      },
      {
        "version": "3.10.6",
        "status": "affected"
      },
      {
        "version": "3.10.6 Update 01",
        "status": "affected"
      },
      {
        "version": "3.10.6 Security Update 03",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]

Source	Link
sec	www.sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-epnm-pi-redirect-6sX82dN

04 Feb 2026 16:11Current

CVSS 3.14.3

EPSS0.00038