CVE-2026-20155

Name of the Vulnerable Software and Affected Versions Cisco Evolved Programmable Network Manager (EPNM) (affected versions not specified)

Description A flaw exists in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) that could allow an authenticated, remote attacker with low privileges to access sensitive information without proper authorization. This is due to insufficient authorization checks on a REST API endpoint. An attacker could exploit this by querying the affected endpoint, potentially gaining access to session information of active Cisco EPNM users, including those with administrative privileges, which could lead to device compromise.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.