PT-2026-29563 · Cisco · Cisco Smart Software Manager On-Prem
Published 2026-04-01 · Updated 2026-04-10 · CVE-2026-20160
| CVSS v2.0 | 10 (Critical) |
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Cisco Smart Software Manager On-Prem versions 9-202502 through 9-202510
Description
A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) allows an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system with root-level privileges. This is due to the unintentional exposure of an internal service. An attacker can exploit this by sending a crafted request to the API of the exposed service. Successful exploitation can lead to full system compromise, data exfiltration, and lateral movement. The API is accessible via network requests, requiring no user interaction.
Recommendations
Immediately upgrade affected SSM On-Prem instances to version 9-202601.
Isolate affected hosts from the network until patched where feasible.
Restrict external access to SSM management APIs and block unnecessary ports.
Monitor logs and network traffic for suspicious API requests and indicators of compromise.
Rotate credentials and secrets accessible from SSM hosts and conduct forensic reviews of hosts in the vulnerable range.
Fix
RCE
Weakness Enumeration
Exposure of Resource to Wrong Sphere
Related Identifiers
CVE-2026-20160
Affected Products
Cisco Smart Software Manager On-Prem