Cyber Resilience

CVE-2026-26057

Medium

Published: 19 February 2026

Published
19 February 2026
Modified
26 February 2026
KEV Added
Patch
CVSS Score v3.1 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
EPSS Score 0.0033 24.5th percentile
Risk Priority 35 floored blend · peak EPSS

Summary

CVE-2026-26057 is a medium-severity Exposure of Resource to Wrong Sphere (CWE-668) vulnerability in Cisco Skill Scanner. Its CVSS base score is 6.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 24.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related — categorised as Other Platforms; in the Supply Chain and Deployment risk domain.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SC-7 (Boundary Protection).

Deeper analysis

CVE-2026-26057 is a vulnerability in the API Server component of Skill Scanner, a security scanner designed to detect prompt injection, data exfiltration, and malicious code patterns in AI Agent Skills. The issue stems from an erroneous binding to multiple interfaces, enabling unauthenticated remote attackers to interact with the server API. This affects Skill Scanner versions 1.0.1 and earlier when the API Server is enabled, which is not the case by default. The vulnerability has a CVSS v3.1 base score of 6.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) and is associated with CWE-668 (Exposure of Resource to Wrong Sphere).

An unauthenticated remote attacker can exploit this vulnerability by sending API requests to a device exposing the affected API Server. Successful exploitation could allow the attacker to trigger a denial-of-service (DoS) condition through memory starvation by consuming excessive resources, or to upload arbitrary files to folders on the affected device.

The Skill Scanner security advisory (GHSA-ppfx-73j5-fhxc) and associated GitHub commit (1e35e57f3051ecc89ba845ae7206321c8eac20a1) confirm that the vulnerability is fixed in Skill Scanner releases 1.0.2 and later. Practitioners should ensure the API Server is disabled unless required and upgrade to a patched version to mitigate risks.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

Skill Scanner is a security scanner for AI Agent Skills that detects prompt injection, data exfiltration, and malicious code patterns. A vulnerability in the API Server of Skill Scanner could allow a unauthenticated, remote attacker to interact with the server…

more

API and either trigger a denial of service (DoS) condition or upload arbitrary files. This vulnerability is due to an erroneous binding to multiple interfaces. An attacker could exploit this vulnerability by sending API requests to a device exposing the affected API Server. A successful exploit could allow the attacker to consume an excessive amount of resources (memory starvation) or to upload files to arbitrary folders on the affected device. This vulnerability affects Skill-scanner 1.0.1 and earlier releases when the API Server is enabled. The API Server is not enabled by default. Skill-scanner software releases 1.0.2 and later contain the fix for this vulnerability.

CWE(s)

AI Security AnalysisAI

AI Category
Other Platforms
Risk Domain
Supply Chain and Deployment
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: ai, prompt injection

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1105 Ingress Tool Transfer Command And Control
Adversaries may transfer tools or other files from an external system into a compromised environment.
T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Unauthenticated remote access to exposed API server directly matches T1190 (public-facing app exploitation); arbitrary file upload enables T1105 (ingress tool transfer); resource-consuming API abuse enables T1499.004 (application exploitation for DoS).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-20142Same vendor: Cisco
CVE-2026-20103Same vendor: Cisco
CVE-2025-20165Same vendor: Cisco
CVE-2026-20039Same vendor: Cisco
CVE-2026-5944Same vendor: Cisco
CVE-2025-20393Same vendor: Cisco
CVE-2025-20171Same vendor: Cisco
CVE-2026-20129Same vendor: Cisco
CVE-2026-20127Same vendor: Cisco
CVE-2026-20105Same vendor: Cisco

Affected Assets

cisco
skill scanner
≤ 1.0.2

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly enforces authentication and authorization on the API server, blocking the unauthenticated remote requests that enable DoS and file upload.

prevent

Restricts network interfaces and boundary exposure, directly mitigating the erroneous multi-interface binding that allows external attackers to reach the API.

AC-17 Remote Access partial match
prevent

Controls remote access methods and requires explicit authorization, limiting the unauthenticated API interaction described in the CVE.

References