Medium6.0Cisco Updated
Cisco Umbrella Virtual Appliance Privilege Escalation Vulnerability
cisco-sa-umbrella-priv-esc-F4wJB7AU Published Jun 17, 2026Updated by vendor Jun 17, 2026
CVE-2026-20246
Affected products & platforms
CiscoUnclassified
Summary
A vulnerability in the vmadmin CLI of Cisco Umbrella Virtual Appliance could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied commands. An attacker with vmadmin privileges could exploit this vulnerability by using certain commands at the CLI.
Affected versions
- Scope: At the time of publication, this vulnerability affected Cisco Umbrella Virtual Appliance, regardless of device configuration.
- Release Earlier than 3.8.5 (first fixed: 3.8.5)
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Mitigation checklist
Recommended fix / mitigation
- Upgrade to the first fixed release for your train per the Fixed Releases table in this advisory.
- Earlier than 3.8.5: upgrade to 3.8.5.
Temporary workarounds
- There are no workarounds that address this vulnerability.
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.