CVE-2026-20246 - Vulnerability Details - OpenCVE

A vulnerability in the vmadmin CLI of Cisco Umbrella Virtual Appliance could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied commands. An attacker with vmadmin privileges could exploit this vulnerability by using certain commands at the CLI. A successful exploit could allow the attacker to elevate privileges to root.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00104.

Exploitation none

Automatable no

Technical Impact total

No data.

No data.

No data.

No data.

References

Link	Providers
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-umbrella-priv-esc-F4wJB7AU

History

Thu, 18 Jun 2026 04:45:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability in the vmadmin CLI of Cisco Umbrella Virtual Appliance could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied commands. An attacker with vmadmin privileges could exploit this vulnerability by using certain commands at the CLI. A successful exploit could allow the attacker to elevate privileges to root.
Title		Cisco Umbrella Virtual Appliance Privilege Escalation Vulnerability
Weaknesses		CWE-269
References		https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-umbrella-priv-esc-F4wJB7AU
Metrics		cvssV3_1 `{'score': 6, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2026-06-17T16:17:13.708Z

Updated: 2026-06-17T17:17:13.797Z

Reserved: 2025-10-08T11:59:15.400Z

Link: CVE-2026-20246

Vulnrichment

Updated: 2026-06-17T17:17:08.256Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-20246", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2025-10-08T11:59:15.400Z", "datePublished": "2026-06-17T16:17:13.708Z", "dateUpdated": "2026-06-17T17:17:13.797Z"}, "containers": {"cna": {"title": "Cisco Umbrella Virtual Appliance Privilege Escalation Vulnerability", "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "baseScore": 6, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}}], "descriptions": [{"lang": "en", "value": "A vulnerability in the vmadmin CLI of Cisco Umbrella Virtual Appliance could allow an authenticated, local attacker to elevate privileges on an affected device.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied commands. An attacker with vmadmin privileges could exploit this vulnerability by using certain commands at the CLI. A successful exploit could allow the attacker to elevate privileges to root."}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-umbrella-priv-esc-F4wJB7AU", "name": "cisco-sa-umbrella-priv-esc-F4wJB7AU"}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "source": {"advisory": "cisco-sa-umbrella-priv-esc-F4wJB7AU", "discovery": "EXTERNAL", "defects": ["CSCwt75291"]}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "Improper Privilege Management", "type": "cwe", "cweId": "CWE-269"}]}], "affected": [{"vendor": "Cisco", "product": "Cisco Umbrella Insights Virtual Appliance", "versions": [{"version": "2.6.0", "status": "affected"}, {"version": "2.5.6", "status": "affected"}, {"version": "2.5", "status": "affected"}, {"version": "2.4.12", "status": "affected"}, {"version": "2.7", "status": "affected"}, {"version": "2.6.2", "status": "affected"}, {"version": "2.5.5", "status": "affected"}, {"version": "2.5.4", "status": "affected"}, {"version": "2.8", "status": "affected"}, {"version": "2.6.1", "status": "affected"}, {"version": "2.5.7", "status": "affected"}, {"version": "1.5.4", "status": "affected"}, {"version": "1.5.5", "status": "affected"}, {"version": "1.5.6", "status": "affected"}, {"version": "2.0.0", "status": "affected"}, {"version": "2.0.2", "status": "affected"}, {"version": "2.0.3", "status": "affected"}, {"version": "2.1.0", "status": "affected"}, {"version": "2.1.2", "status": "affected"}, {"version": "2.1.4", "status": "affected"}, {"version": "2.1.5", "status": "affected"}, {"version": "2.2", "status": "affected"}, {"version": "2.2.1", "status": "affected"}, {"version": "2.3", "status": "affected"}, {"version": "2.3.1", "status": "affected"}, {"version": "2.4", "status": "affected"}, {"version": "2.4.4", "status": "affected"}, {"version": "2.4.6", "status": "affected"}, {"version": "2.8.9", "status": "affected"}, {"version": "3.0", "status": "affected"}, {"version": "3.1", "status": "affected"}, {"version": "3.2", "status": "affected"}, {"version": "2.8.1", "status": "affected"}, {"version": "2.8.2", "status": "affected"}, {"version": "2.8.3", "status": "affected"}, {"version": "2.8.4", "status": "affected"}, {"version": "2.8.5", "status": "affected"}, {"version": "3.0.1", "status": "affected"}, {"version": "3.0.2", "status": "affected"}, {"version": "3.0.4", "status": "affected"}, {"version": "3.0.5", "status": "affected"}, {"version": "3.1.1", "status": "affected"}, {"version": "3.1.2", "status": "affected"}, {"version": "3.1.3", "status": "affected"}, {"version": "3.1.4", "status": "affected"}, {"version": "3.2.1", "status": "affected"}, {"version": "3.2.2", "status": "affected"}, {"version": "3.2.3", "status": "affected"}, {"version": "3.3", "status": "affected"}, {"version": "3.3.1", "status": "affected"}, {"version": "3.3.2", "status": "affected"}, {"version": "3.3.3", "status": "affected"}, {"version": "3.3.4", "status": "affected"}, {"version": "3.4", "status": "affected"}, {"version": "3.4.1", "status": "affected"}, {"version": "3.4.2", "status": "affected"}, {"version": "3.4.3", "status": "affected"}, {"version": "3.4.4", "status": "affected"}, {"version": "3.4.5", "status": "affected"}, {"version": "3.4.6", "status": "affected"}, {"version": "3.5", "status": "affected"}, {"version": "2.7.1", "status": "affected"}, {"version": "2.7.2", "status": "affected"}, {"version": "2.7.6", "status": "affected"}, {"version": "2.7.9", "status": "affected"}, {"version": "2.7.10", "status": "affected"}, {"version": "3.5.1", "status": "affected"}, {"version": "3.5.2", "status": "affected"}, {"version": "3.6.1", "status": "affected"}, {"version": "3.6.2", "status": "affected"}, {"version": "3.7", "status": "affected"}, {"version": "3.7.1", "status": "affected"}, {"version": "3.8.3", "status": "affected"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2026-06-17T16:17:13.708Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-17T17:15:44.900787Z", "id": "CVE-2026-20246", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-17T17:17:13.797Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-20246", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-06-17T17:15:44.900787Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-17T17:17:08.256Z"}}], "cna": {"title": "Cisco Umbrella Virtual Appliance Privilege Escalation Vulnerability", "source": {"defects": ["CSCwt75291"], "advisory": "cisco-sa-umbrella-priv-esc-F4wJB7AU", "discovery": "EXTERNAL"}, "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Cisco", "product": "Cisco Umbrella Insights Virtual Appliance", "versions": [{"status": "affected", "version": "2.6.0"}, {"status": "affected", "version": "2.5.6"}, {"status": "affected", "version": "2.5"}, {"status": "affected", "version": "2.4.12"}, {"status": "affected", "version": "2.7"}, {"status": "affected", "version": "2.6.2"}, {"status": "affected", "version": "2.5.5"}, {"status": "affected", "version": "2.5.4"}, {"status": "affected", "version": "2.8"}, {"status": "affected", "version": "2.6.1"}, {"status": "affected", "version": "2.5.7"}, {"status": "affected", "version": "1.5.4"}, {"status": "affected", "version": "1.5.5"}, {"status": "affected", "version": "1.5.6"}, {"status": "affected", "version": "2.0.0"}, {"status": "affected", "version": "2.0.2"}, {"status": "affected", "version": "2.0.3"}, {"status": "affected", "version": "2.1.0"}, {"status": "affected", "version": "2.1.2"}, {"status": "affected", "version": "2.1.4"}, {"status": "affected", "version": "2.1.5"}, {"status": "affected", "version": "2.2"}, {"status": "affected", "version": "2.2.1"}, {"status": "affected", "version": "2.3"}, {"status": "affected", "version": "2.3.1"}, {"status": "affected", "version": "2.4"}, {"status": "affected", "version": "2.4.4"}, {"status": "affected", "version": "2.4.6"}, {"status": "affected", "version": "2.8.9"}, {"status": "affected", "version": "3.0"}, {"status": "affected", "version": "3.1"}, {"status": "affected", "version": "3.2"}, {"status": "affected", "version": "2.8.1"}, {"status": "affected", "version": "2.8.2"}, {"status": "affected", "version": "2.8.3"}, {"status": "affected", "version": "2.8.4"}, {"status": "affected", "version": "2.8.5"}, {"status": "affected", "version": "3.0.1"}, {"status": "affected", "version": "3.0.2"}, {"status": "affected", "version": "3.0.4"}, {"status": "affected", "version": "3.0.5"}, {"status": "affected", "version": "3.1.1"}, {"status": "affected", "version": "3.1.2"}, {"status": "affected", "version": "3.1.3"}, {"status": "affected", "version": "3.1.4"}, {"status": "affected", "version": "3.2.1"}, {"status": "affected", "version": "3.2.2"}, {"status": "affected", "version": "3.2.3"}, {"status": "affected", "version": "3.3"}, {"status": "affected", "version": "3.3.1"}, {"status": "affected", "version": "3.3.2"}, {"status": "affected", "version": "3.3.3"}, {"status": "affected", "version": "3.3.4"}, {"status": "affected", "version": "3.4"}, {"status": "affected", "version": "3.4.1"}, {"status": "affected", "version": "3.4.2"}, {"status": "affected", "version": "3.4.3"}, {"status": "affected", "version": "3.4.4"}, {"status": "affected", "version": "3.4.5"}, {"status": "affected", "version": "3.4.6"}, {"status": "affected", "version": "3.5"}, {"status": "affected", "version": "2.7.1"}, {"status": "affected", "version": "2.7.2"}, {"status": "affected", "version": "2.7.6"}, {"status": "affected", "version": "2.7.9"}, {"status": "affected", "version": "2.7.10"}, {"status": "affected", "version": "3.5.1"}, {"status": "affected", "version": "3.5.2"}, {"status": "affected", "version": "3.6.1"}, {"status": "affected", "version": "3.6.2"}, {"status": "affected", "version": "3.7"}, {"status": "affected", "version": "3.7.1"}, {"status": "affected", "version": "3.8.3"}], "defaultStatus": "unknown"}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-umbrella-priv-esc-F4wJB7AU", "name": "cisco-sa-umbrella-priv-esc-F4wJB7AU"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the vmadmin CLI of Cisco Umbrella Virtual Appliance could allow an authenticated, local attacker to elevate privileges on an affected device.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied commands. An attacker with vmadmin privileges could exploit this vulnerability by using certain commands at the CLI. A successful exploit could allow the attacker to elevate privileges to root."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cwe", "cweId": "CWE-269", "description": "Improper Privilege Management"}]}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2026-06-17T16:17:13.708Z"}}}, "cveMetadata": {"cveId": "CVE-2026-20246", "state": "PUBLISHED", "dateUpdated": "2026-06-17T17:17:13.797Z", "dateReserved": "2025-10-08T11:59:15.400Z", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "datePublished": "2026-06-17T16:17:13.708Z", "assignerShortName": "cisco"}, "dataVersion": "5.2"}