CVE-2026-20123

medium

Cisco

CVSS v3 Base Score

4.3

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

EPSS Score

0.0%

Exploitation probability in 30 days

Top 93% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Confidentiality

None

Integrity

Low

Availability

None

Published: February 4, 2026 (98 days ago)

Last Modified: March 10, 2026

Vendor: Cisco

Description

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in the HTTP request. An attacker could exploit this vulnerability by intercepting and modifying an HTTP request from a user. A successful exploit could allow the attacker to redirect the user to a malicious web page.

CWE

CWE-601

Affected Products

cisco evolved programmable network managercisco prime infrastructure

References

🔗 sec.cloudapps.cisco.com

CVE-2026-20123

Vulnerability Report

Description

CWE

Affected Products

References