Cisco Smart Software Manager On-Prem Arbitrary Command Execution Vulnerability
A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected SSM On-Prem host. This vulnerability is due to the unintentional exposure of an internal service. An attacker could exploit this vulnerability by sending a crafted request to the API of the exposed service. A successful exploit could allow the attacker to execute commands on the underlying operating system with root -level privileges. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssm-cli-execution-cHUcWuNr Security Impact Rating: Critical CVE: CVE-2026-20160
CSIRTS triage
- What
- A vulnerability allows an unauthenticated attacker to execute arbitrary commands on the underlying operating system.
- Who is affected
- Deployments of Cisco Smart Software Manager On-Prem that expose the vulnerable API.
- Urgency
- Remediation is urgent due to the critical nature of the vulnerability and the potential for full system compromise.
- Action
- Apply the software updates released by Cisco to address this vulnerability.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch Smart Software Manager On-Prem
Get an email when a new Smart Software Manager On-Prem advisory drops — max one per day, one-click unsubscribe.
Details
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Low exploitation riskCVE-2026-201600.91% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 56% of all scored CVEs.
Referenced CVEs
| CVE | CSIRTS overview | External |
|---|---|---|
| CVE-2026-20160 | coverage & exploitation status | NVD · CVE.org |
Recent advisories for Cisco Smart Software
A cluster of recent advisories against the same product widens the attack surface — attackers routinely chain freshly published CVEs on one product, so review these together.
- highCisco Smart Software Manager On-Prem Privilege Escalation Vulnerabilitycisco-psirt · 2026-04-01
- criticalexploitedCVE-2018-0156: Cisco IOS Software and Cisco IOS XE Software Smart Install Denial-of-Service Vulnerabilitycisa-kev · 2022-03-03
- criticalexploitedCVE-2018-0171: Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerabilitycisa-kev · 2021-11-03
More from Cisco Security Advisories
- unknownCisco Advance Notification for Publication of July 15, 2026, Security Advisories2026-07-08
- criticalCisco Identity Services Engine Remote Code Execution and Information Disclosure Vulnerabilities2026-07-06
- highCisco Catalyst Center Arbitrary File Read Vulnerability2026-07-06
- highClamAV Vulnerabilities Affecting Cisco Products: July 20262026-07-02
- highCisco Advance Notification for Publication of July 1, 2026, Security Advisories2026-07-01