Cisco fixes critical IMC auth bypass present in many products
CSO Online 02.04.2026 22:26
Cisco has released patches for a critical vulnerability in its out-of-band management solution, present in many of its servers and appliances. The flaw allows unauthenticated remote attackers to gain admin access to the Cisco Integrated Management Controller (IMC), which gives administrators remote control over servers even when the main OS is shut down.
The vulnerability, tracked as CVE-2026-20093, stems from incorrect handling of password changes and can be exploited by sending specially crafted HTTP requests. This means servers with their IMC interfaces exposed directly to the local network — or worse, to the internet — are at immediate risk.
Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise
The Hacker News 02.04.2026 15:21
Cisco has released updates to address a critical security flaw in the Integrated Management Controller (IMC) that, if successfully exploited, could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system with elevated privileges.
The vulnerability, tracked as CVE-2026-20093, carries a CVSS score of 9.8 out of a maximum of 10.0.
"This
XZ Utils 5.8.3: Security update with unclear risk
Heise Security 02.04.2026 10:05
The developers of the widely used XZ Utils have released an updated version that fixes security vulnerabilities.
Cisco plugs vulnerabilities, some critical, in multiple products
Heise Security 02.04.2026 05:51
On Wednesday, Cisco published nine security advisories. They address vulnerabilities, some of them critical, in multiple products.