CVE-2026-20037 MEDIUM

CVE-2026-20037: Cisco UCS Manager File Write Vulnerability

Vendor Cisco
Product Cisco Unified Computing System (Managed)
Weakness CWE-250
Published February 25, 2026
Last update February 25, 2026

CVSS base score

4.4/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

A vulnerability in the NX-OS CLI privilege levels of Cisco UCS Manager Software could allow an authenticated, local attacker with read-only privileges to modify files and perform unauthorized actions on an affected system.   This vulnerability exists because unnecessary privileges are given to the user. An attacker could exploit this vulnerability by authenticating to a device as a read-only user and connecting to the NX-OS CLI. A successful exploit could allow the attacker to create or overwrite files in the file system or perform limited privileged actions on an affected device.   

Key dates

02Disclosure timeline

February 25, 2026 CVE published
February 25, 2026 Record updated