CVE-2026-20155
Published: 01 April 2026
Summary
CVE-2026-20155 is a high-severity Missing Authorization (CWE-862) vulnerability in Cisco Evolved Programmable Network Manager (EPNM). Its CVSS base score is 8.0 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The vulnerability is ranked at the 35.8th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-24 (Access Control Decisions) and AC-3 (Access Enforcement).
Deeper analysis
CVE-2026-20155 is a vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) that stems from improper authorization checks on a REST API endpoint, classified under CWE-862 (Missing Authorization). This flaw enables an authenticated, remote attacker with low privileges to access sensitive information they are not authorized to view. The vulnerability received a CVSS v3.1 base score of 8.0 (AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H) and was published on April 1, 2026.
An attacker with low-privilege access to the EPNM web interface can exploit this vulnerability by sending a query to the affected REST API endpoint. Successful exploitation allows the attacker to view session information for active Cisco EPNM users, including those with administrative privileges. This exposure could lead to full compromise of the affected device.
The Cisco Security Advisory at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-epnm-improp-auth-mUwFWUU3 provides details on mitigation, including available patches and workarounds for affected EPNM versions.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-17955
Vulnerability details
A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker with low privileges to access sensitive information that they are not authorized to access. This vulnerability is due to improper authorization checks on a REST API endpoint of an affected device. An attacker could exploit this vulnerability by querying the affected endpoint. A successful exploit could allow the attacker to view session information of active Cisco EPNM users, including users with administrative privileges, which could result in the affected device being compromised.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Missing authorization on REST API enables low-priv authenticated attacker to access admin session data, directly facilitating privilege escalation via stolen web session material.
Mitigating Controls (NIST 800-53 r5)
AC-3 mandates enforcement of approved authorizations for logical access to information and system resources, directly addressing the improper authorization checks on the REST API endpoint.
AC-24 requires explicit authorization decisions for access to system resources by defined personnel or roles, mitigating unauthorized access to sensitive user session information.
AC-6 enforces least privilege, limiting low-privilege attackers' ability to access or exploit administrative session data even if checks fail.
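The following is an added illustration of the weakness class and the controls above, not Cisco EPNM code: a session-listing REST handler that only checks authentication (CWE-862) next to a hardened version that makes an explicit authorization decision (AC-3/AC-24) and returns no bearer material, plus a least-privilege endpoint (AC-6) that shows a caller only their own session. The session table, role names, `Request` type and handler names are assumptions constructed for this example.

```python
"""Vulnerable vs. hardened session-listing endpoint (CWE-862).

Added illustration, not Cisco EPNM code. The session store, role names
and handler signatures below are assumptions constructed for this example.
"""
from dataclasses import dataclass

# Constructed sample session table (not real data): one admin, two viewers.
SESSIONS = {
    "s-admin-1": {"user": "alice", "role": "admin", "token": "tok-admin-1"},
    "s-user-1": {"user": "bob", "role": "viewer", "token": "tok-user-1"},
    "s-user-2": {"user": "carol", "role": "viewer", "token": "tok-user-2"},
}


@dataclass
class Request:
    """Minimal stand-in for an HTTP request carrying the caller's session id."""
    session_id: str


class Forbidden(Exception):
    """Raised when the caller is authenticated but not authorized (HTTP 403)."""


def caller(req: Request) -> dict:
    """Resolve the authenticated principal.

    Authentication proves who the caller is; it says nothing about what
    they may read, so every handler still needs its own authorization step.
    """
    session = SESSIONS.get(req.session_id)
    if session is None:
        raise PermissionError("unauthenticated")  # HTTP 401
    return session


def list_sessions_vulnerable(req: Request) -> list:
    """CWE-862 pattern: any logged-in user gets every active session.

    The handler verifies authentication and then returns the whole table,
    including the administrator's session token.
    """
    caller(req)
    return [dict(id=sid, **data) for sid, data in SESSIONS.items()]


def list_sessions_hardened(req: Request) -> list:
    """AC-3 / AC-24: explicit authorization decision before touching the resource."""
    me = caller(req)
    if me["role"] != "admin":
        raise Forbidden("listing all sessions requires the admin role")
    # Even for authorized admins, expose metadata only, never bearer tokens.
    return [
        {"id": sid, "user": data["user"], "role": data["role"]}
        for sid, data in SESSIONS.items()
    ]


def my_session(req: Request) -> dict:
    """AC-6 least privilege: a viewer may see only their own session metadata."""
    me = caller(req)
    return {"id": req.session_id, "user": me["user"], "role": me["role"]}


if __name__ == "__main__":
    viewer = Request("s-user-1")
    print("vulnerable:", list_sessions_vulnerable(viewer))  # leaks admin token
    try:
        list_sessions_hardened(viewer)
    except Forbidden as exc:
        print("hardened:", exc)
    print("own session:", my_session(viewer))
```

The defensive point is that `caller()` succeeding is not an authorization check; the hardened handler makes a separate, explicit role decision and shrinks the response so that even an authorized reader never receives reusable session material.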