CVE Catalog

CVE-2026-20246

MediumCVSS 6.0
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.10%

1th percentile — higher than 1% of all known CVEs

Summary

A vulnerability in the vmadmin CLI of Cisco Umbrella Virtual Appliance could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied commands.

Risk Assessment

An attacker with vmadmin privileges could exploit this vulnerability to gain root access, posing a significant security risk to the device and the data it holds.

Recommendation

It is recommended to update the Cisco Umbrella Virtual Appliance software to the latest version to patch this vulnerability and review the privileges of users with vmadmin access.

Original NVD description (English source)

A vulnerability in the vmadmin CLI of Cisco Umbrella Virtual Appliance could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied commands. An attacker with vmadmin privileges could exploit this vulnerability by using certain commands at the CLI. A successful exploit could allow the attacker to elevate privileges to root.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS