CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

Cisco Umbrella Virtual Appliance Privilege Escalation Vulnerability

mediumCVE-2026-20246
A vulnerability in the vmadmin CLI of Cisco Umbrella Virtual Appliance could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied commands. An attacker with vmadmin privileges could exploit this vulnerability by using certain commands at the CLI. A successful exploit could allow the attacker to elevate privileges to root. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-umbrella-priv-esc-F4wJB7AU Security Impact Rating: Medium CVE: CVE-2026-20246

CSIRTS triage

What
A privilege escalation vulnerability could allow an authenticated attacker to elevate privileges on the device.
Who is affected
Authenticated users with vmadmin privileges on the Cisco Umbrella Virtual Appliance.
Urgency
Remediation is urgent due to the potential for privilege escalation to root.
Action
Users should apply the software updates released by Cisco.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch Umbrella Virtual Appliance

Get an email when a new Umbrella Virtual Appliance advisory drops — max one per day, one-click unsubscribe.

Details

Source
Cisco Security Advisories (INTL · vendor-psirt · site)
Severity
medium
Published
2026-06-17
Exploitation
Not in CISA KEV at last sync

Original advisory: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-umbrella-priv-esc-F4wJB7AU?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Umbrella%20Virtual%20Appliance%20Privilege%20Escalation%20Vulnerability%26vs_k=1

Exploitation outlook

EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.

Referenced CVEs

CVECSIRTS overviewExternal
CVE-2026-20246coverage & exploitation statusNVD · CVE.org

More from Cisco Security Advisories