Critical9.8Cisco Updated
Cisco Smart Software Manager On-Prem Arbitrary Command Execution Vulnerability
cisco-sa-ssm-cli-execution-cHUcWuNr Published Apr 1, 2026Updated by vendor Apr 1, 2026
CVE-2026-20160
Affected products & platforms
CiscoUnclassified
Summary
A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected SSM On-Prem host. This vulnerability is due to the unintentional exposure of an internal service.
Affected versions
- Scope: This vulnerability affects Cisco SSM On-Prem, regardless of the software configuration.
- Release 9-202502 to 9-202510 (first fixed: 9-202601)
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Mitigation checklist
Recommended fix / mitigation
- Upgrade to the first fixed release for your train per the Fixed Releases table in this advisory.
- Release 9-202502 to 9-202510: upgrade to 9-202601.
Temporary workarounds
- There are no workarounds that address this vulnerability.
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.