CVE-2026-20123

Name of the Vulnerable Software and Affected Versions Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure (affected versions not specified)

Description A flaw exists in the web-based management interface that could let an attacker redirect a user to a harmful web page without needing to authenticate. This happens because the system doesn't properly check the input in HTTP requests. An attacker can take advantage of this by changing an HTTP request sent by a user, potentially redirecting them to a malicious site. The vulnerability is due to improper input validation of parameters in the HTTP request.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.