Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Open Redirect Vulnerability (CVE-2026-20123)
CVE number = CVE-2026-20123
A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to redirect a user to a malicious web page.
This vulnerability is due to improper input validation of the parameters in the HTTP request. An attacker could exploit this vulnerability by intercepting and modifying an HTTP request from a user.
A successful exploit could allow the attacker to redirect the user to a malicious web page.
Cisco has released software updates that address this vulnerability.
There are no workarounds that address this vulnerability.
The left column lists Cisco software releases, and the right column indicates whether a release was affected by the vulnerability that is described in this advisory and which release included the fix for this vulnerability.
| Cisco EPNM Release | First Fixed Release |
|---|---|
| 8.0 and earlier | Migrate to a fixed release. |
| 8.1 | 8.1.1 |
| Cisco Prime Infrastructure Release | First Fixed Release |
|---|---|
| 3.9 and earlier | Migrate to a fixed release. |
| 3.10 | 3.10.6 Security Update 2 |
The Cisco Product Security Incident Response Team (PSIRT) validates only the affected and fixed release information that is documented in this advisory.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-epnm-pi-redirect-6sX82dN

I am one of the editors here at www.systemtek.co.uk I am a UK based technology professional, with an interest in computer security and telecoms.
