Cisco on Wednesday introduced patches for a number of vulnerabilities throughout its enterprise merchandise, together with 5 high-severity bugs.
Two high-severity points, tracked as CVE-2026-20034 and CVE-2026-20035, which might result in server-side request forgery (SSRF) assaults, have been resolved in Cisco Unity Connection.
Rooted within the inadequate validation of user-supplied enter and particular HTTP requests, the issues might be exploited by distant, authenticated attackers to execute arbitrary code as root or ship community requests sourced from the affected gadget.
Cisco addressed a high-severity defect (CVE-2026-20185) within the Easy Community Administration Protocol (SNMP) subsystem of SG350 and SG350X switches that might be exploited to trigger a denial-of-service (DoS) situation.
Improper error dealing with throughout the parsing of response information for a selected SNMP request might permit attackers to reload the gadget, the corporate explains.
“This vulnerability impacts SNMP variations 1, 2c, and three. To use this vulnerability by means of SNMPv2c or earlier, the attacker should know a legitimate read-write or read-only SNMP neighborhood string for the affected system. To use this vulnerability by means of SNMPv3, the attacker will need to have legitimate SNMP person credentials for the affected system,” Cisco notes.
The Crosswork Community Controller (CNC) and Community Companies Orchestrator (NSO) have been discovered susceptible to a high-severity DoS vulnerability tracked as CVE-2026-20188.
In response to Cisco, the difficulty exists as a result of rate-limiting on incoming community connections was not correctly carried out, permitting a distant, unauthenticated attacker to ship numerous connection requests to a susceptible system and exhaust assets.
The fifth high-severity bug, tracked as CVE-2026-20167, was addressed within the internet interface of IoT Area Community Director. Attributable to improper error dealing with, the weak point permits attackers to submit crafted enter and trigger the router to reload, resulting in a DoS situation.
On Wednesday, Cisco additionally resolved seven medium-severity vulnerabilities in IoT Area Community Director, Slido, Prime Infrastructure, Identification Companies Engine (ISE), and Enterprise Chat and E mail (ECE).
The bugs might result in file reads, command execution, data disclosure, arbitrary log file downloads, and browser-based assaults.
Cisco says it’s not conscious of any of those vulnerabilities being exploited within the wild. Extra data may be discovered on the corporate’s security advisories web page.
