Cisco fixes critical IMC auth bypass present in many products

Cisco released patches for a critical vulnerability (CVE-2026-20093) in its Integrated Management Controller (IMC, a dedicated controller embedded in server motherboards that manages servers remotely even when the main operating system is off). The flaw allows unauthenticated attackers to bypass authentication and gain admin access by sending specially crafted HTTP requests to exposed IMC interfaces. The vulnerability affects many Cisco servers and appliances, particularly those with IMC interfaces exposed to local networks or the internet.