Cisco Fixes Critical Authentication Bypass Flaw in IMC

Cisco has addressed ten vulnerabilities in its Integrated Management Controller (IMC), including a critical authentication bypass flaw (CVE-2026-20093) that allows unauthenticated, remote attackers to gain Admin-level access. The vulnerability enables attackers to alter user passwords on affected systems. Cisco IMC is a hardware management system embedded in Cisco servers, providing remote control, monitoring, and troubleshooting capabilities even when the operating system is offline. The security update was released on April 3, 2026, with no additional technical details on exploitation methods disclosed. The impacted component is widely used for out-of-band server management in enterprise environments.