A critical authentication bypass vulnerability (CVE-2026-20093, CVSS 9.8) in Cisco's Integrated Management Controller (IMC) allows an unauthenticated, remote attacker to gain administrative access to the system. The article does not provide specific affected or fixed version information for this CVE.
Cisco has fixed ten vulnerabilities affecting its Integrated Management Controller (IMC), the most critical of which (CVE-2026-20093) could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system as Admin. Cisco ICM riddled with vulnerabilities Cisco Integrated Management Controller is a built-in hardware management system used in Cisco servers. It allows administrators to remotely control, monitor, and troubleshoot a server, even if the operating system isn’t running. (That’s because Cisco IMC … More → The post Cisco IMC auth bypass vulnerability allows attackers to alter user passwords (CVE-2026-20093) appeared first on Help Net Security .