- 121/2026
- High
Cisco has released security updates to address several vulnerabilities affecting multiple Cisco products.
The addressed vulnerabilities could allow the attacker to perform denial-of-service attacks, obtain sensitive information, manipulate data, conduct server-side request forgery attacks through a crafted HTTP request, or execute arbitrary code and gain access to the affected products by submitting a crafted API request.
Sample of addressed vulnerabilities:
1. Cisco Unity Connection Remote Code Execution Vulnerability (CVE-2026- 20034):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Remote Code Execution
2. Cisco IoT Field Network Director Denial of Service Vulnerability (CVE-2026- 20167):
- CVSS: 7.7
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Denial of Service
Sample of the affected products:
- Cisco IoT Field Network Director.
- Cisco Unity Connection.
- Cisco ISE and Cisco ECE.
- Cisco Prime Infrastructure.
- Cisco CNC and Cisco NSO.
Vulnerabilities
- CVE-2026-20172
- CVE-2026-20193
- CVE-2026-20195
- CVE-2026-20189
- CVE-2026-20219
- CVE-2026-20167
- CVE-2026-20168
- CVE-2026-20169
- CVE-2026-20188
- CVE-2026-20185
- CVE-2026-20034
- CVE-2026-20035
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.