What is CVE-2026-20246?

CVE-2026-20246 is a medium-severity vulnerability in Cisco Umbrella Insights Virtual Appliance, classified under Improper Privilege Management. CVSS score: 6.0/10. Published 2026-06-17.

How severe is CVE-2026-20246?

Medium severity. CVSS v3 base score is 6.0 out of 10.

Privilege escalation in Cisco Umbrella Insights Virtual Appliance

CVE-2026-20246

A vulnerability in the vmadmin CLI of Cisco Umbrella Virtual Appliance could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied comma…

Vulnerability class: Privilege Escalation

CVSS v3 metric

CVSS v3 base score 6.0 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N.

Affected products

Cisco Umbrella Insights Virtual Appliance — versions 2.6.0, 2.5.6, 2.5

Weakness classification (CWE)

CWE-269 — Improper Privilege Management

References

psirt@cisco.com

Frequently asked questions

What is CVE-2026-20246?: CVE-2026-20246 is a medium-severity vulnerability in Cisco Umbrella Insights Virtual Appliance, classified under Improper Privilege Management. CVSS score: 6.0/10. Published 2026-06-17.
How severe is CVE-2026-20246?: Medium severity. CVSS v3 base score is 6.0 out of 10.