Cisco UCS Manager Privilege Escalation Vulnerability (CVE-2026-20037)

Key Information Vulnerability Overview Vulnerability Type: Cisco UCS Manager Software Privilege Escalation Vulnerability Severity: Medium CVSS Score: Base 4.4 CVE ID: CVE-2026-20037 CWE: CWE-250 Advisory ID: cisco-sa-ucsm-afwae-mOgUfyLn Initial Publication Date: February 25, 2026, 16:00 GMT Affected Products UCS 6400 Series Fabric Interconnects UCS 6500 Series Fabric Interconnects UCS X-Series Direct Fabric Interconnects 9108 100G Unaffected Products Firepower 1000 Series Firepower 2100 Series Firepower 4100 Series Firepower 9300 Security Appliances MDS 9000 Series Multilayer Switches Nexus 3000 Series Switches Nexus 5500 Platform Switches Nexus 5600 Platform Switches Nexus 6000 Series Switches Nexus 7000 Series Switches Nexus 9000 Series Fabric Switches in ACI mode Nexus 9000 Series Switches in standalone NX-OS mode Secure Firewall 200 Series Secure Firewall 1200 Series Secure Firewall 3100 Series Secure Firewall 4200 Series Secure Firewall 6100 Series UCS 6300 Series Fabric Interconnects UCS 6600 Series Fabric Interconnects Technical Details Vulnerability Description: Due to unnecessary privileges being granted to users, an authenticated local attacker with read-only access can modify files and perform unauthorized actions. Software Updates Released: Cisco has released software updates to address this vulnerability. Workarounds: No workarounds are available. Fixed Software Versions: - UCS 6400 Series, 6500 Series, and 9108 100G Fabric Interconnects: - 4.1 and earlier: Migrate to a fixed release - 4.2: Migrate to a fixed release - 4.3: 4.3(6f) - 6.0: Not affected Public Exploitation and Disclosure Cisco PSIRT is not aware of any public announcements or malicious use of this vulnerability. Discovery Source This vulnerability was discovered during internal security testing. URL Cisco Security Advisory

Goal Reached Thanks to every supporter — we hit 100%!

Cisco UCS Manager Privilege Escalation Vulnerability (CVE-2026-20037)