CVE-2026-20123 | THREATINT

Description

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in the HTTP request. An attacker could exploit this vulnerability by intercepting and modifying an HTTP request from a user. A successful exploit could allow the attacker to redirect the user to a malicious web page.

PUBLISHED Reserved 2025-10-08 | Published 2026-02-04 | Updated 2026-02-04 | Assigner cisco

MEDIUM: 4.3CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Problem types

URL Redirection to Untrusted Site ('Open Redirect')

Product status

Default status

unknown

7.1.1

affected

7.1.2.1

affected

7.1.3

affected

7.1.2

affected

7.1.0

affected

8.0.0

affected

8.0.0.1

affected

7.1.3.1

affected

7.1.4

affected

8.1.0

affected

8.0.1

affected

7.1.4.1

affected

8.0.1.1

affected

Default status

unknown

3.10.0

affected

3.10.2

affected

3.10.3

affected

3.10

affected

3.10.1

affected

3.10 Update 01

affected

3.10.4

affected

3.10.4 Update 01

affected

3.10.4 Update 02

affected

3.10.4 Update 03

affected

3.10.5

affected

3.10.6

affected

3.10.6 Update 01

affected

3.10.6 Security Update 03

affected

References

sec.cloudapps.cisco.com/...cisco-sa-epnm-pi-redirect-6sX82dN (cisco-sa-epnm-pi-redirect-6sX82dN)

cve.org (CVE-2026-20123)

nvd.nist.gov (CVE-2026-20123)

Download JSON