High8.0Cisco Updated
Cisco Evolved Programmable Network Manager Improper Authorization Vulnerability
cisco-sa-epnm-improp-auth-mUwFWUU3 Published Apr 1, 2026Updated by vendor Apr 1, 2026
CVE-2026-20155
Affected products & platforms
CiscoUnclassified
Summary
A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker with low privileges to access sensitive information that they are not authorized to access. This vulnerability is due to improper authorization checks on a REST API endpoint of an affected device.
Affected versions
- Scope: This vulnerability affects Cisco EPNM, regardless of device configuration.
- 8.0 and earlier — Migrate to a fixed release
- Release 8.1 (first fixed: 8.1.2)
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Mitigation checklist
Recommended fix / mitigation
- Upgrade to the first fixed release for your train per the Fixed Releases table in this advisory.
- Release 8.0 and earlier: migrate to a fixed release.
- Release 8.1: upgrade to 8.1.2.
Temporary workarounds
- There are no workarounds that address this vulnerability.
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.