Description

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker with low privileges to access sensitive information that they are not authorized to access. This vulnerability is due to improper authorization checks on a REST API endpoint of an affected device. An attacker could exploit this vulnerability by querying the affected endpoint. A successful exploit could allow the attacker to view session information of active Cisco EPNM users, including users with administrative privileges, which could result in the affected device being compromised.

INFO

Published Date :

2026-04-01T16:29:12.891Z

Last Modified :

2026-04-01T18:19:17.434Z

Source :

cisco
AFFECTED PRODUCTS

The following products are affected by CVE-2026-20155 vulnerability.

Vendors Products
Cisco
  • Evolved Programmable Network Manager
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-20155.

URL Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-epnm-improp-auth-mUwFWUU3 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact