Critical Cisco Smart Software Manager Vulnerability Allows Root Command Execution

Cisco patched a critical unauthenticated remote code execution vulnerability (CVE-2026-20160) in its Smart Software Manager On-Prem platform that allows attackers to gain root access. The flaw is caused by an exposed internal API and requires no user interaction to exploit.