CVE-2026-26057

6.5 MEDIUM

📋 TL;DR

An unauthenticated remote attacker can exploit Skill Scanner's API Server to cause denial of service through resource exhaustion or upload arbitrary files to arbitrary locations. This affects Skill Scanner 1.0.1 and earlier when the API Server is enabled, though the API Server is disabled by default.

💻 Affected Systems

Products:
  • Skill Scanner
Versions: 1.0.1 and earlier
Operating Systems: All
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when API Server is explicitly enabled. Default configuration has API Server disabled.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise via arbitrary file upload leading to remote code execution, or complete service unavailability through memory starvation DoS.

🟠 Likely Case: Service disruption through DoS attacks or unauthorized file uploads to sensitive directories.

🟢 If Mitigated: Limited impact if API Server is disabled or network access is restricted.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending API requests to the exposed server. No authentication is required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.0.2 and later

Vendor Advisory: https://github.com/cisco-ai-defense/skill-scanner/security/advisories/GHSA-ppfx-73j5-fhxc

Restart Required: Yes

Instructions:

1. Stop Skill Scanner service.
2. Update to version 1.0.2 or later.
3. Restart Skill Scanner service.

🔧 Temporary Workarounds

Disable API Server (platform: all)

Disable the vulnerable API Server component:

1. Edit configuration to set api_server_enabled: false
2. Restart Skill Scanner service

Network Access Control (platform: linux)

Restrict network access to the Skill Scanner API port (replace [API_PORT] with the port the API Server listens on). Note that iptables -A appends the rule, so it only takes effect if no earlier rule in the INPUT chain already accepts that traffic.

iptables -A INPUT -p tcp --dport [API_PORT] -j DROP
ufw deny [API_PORT]

🧯 If You Can't Patch

  • Disable API Server in configuration immediately
  • Implement strict network segmentation and firewall rules to block all access to Skill Scanner API

🔍 How to Verify

Check if Vulnerable:

Check if Skill Scanner version is 1.0.1 or earlier AND API Server is enabled in configuration

Check Version:

skill-scanner --version

Verify Fix Applied:

Verify Skill Scanner version is 1.0.2 or later and test API Server functionality

📡 Detection & Monitoring

Log Indicators:

  • Unusual API request patterns
  • Multiple failed authentication attempts (though authentication is not required)
  • Memory usage spikes
  • File write operations to unexpected directories

Network Indicators:

  • Unusual traffic to Skill Scanner API port
  • Bursts of API requests from single sources
  • Large file uploads via API

SIEM Query:

source="skill-scanner.log" AND ("api_request" OR "file_upload") AND (status="error" OR size>1000000)
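The following is an added example (not from this advisory or the Skill Scanner project) showing how the two network indicators above, request bursts from a single source and oversized uploads, can be flagged from logs. It assumes a constructed key=value log format (ts, event, src, status, size), since the real Skill Scanner log layout is not given here; adapt the regex to your own logs.

```python
from collections import defaultdict
import re

# Constructed sample log lines in an assumed key=value format; Skill Scanner's
# real log layout is not documented on this page, so adapt LINE_RE to yours.
SAMPLE_LOG = """\
ts=1700000000 event=api_request src=10.0.0.5 path=/scan status=ok size=512
ts=1700000001 event=file_upload src=10.0.0.9 path=/upload status=ok size=2500000
ts=1700000002 event=api_request src=10.0.0.5 path=/scan status=ok size=400
ts=1700000003 event=api_request src=10.0.0.5 path=/scan status=error size=300
ts=1700000004 event=api_request src=10.0.0.5 path=/scan status=ok size=300
ts=1700000005 event=api_request src=10.0.0.5 path=/scan status=ok size=300
ts=1700000030 event=api_request src=10.0.0.7 path=/scan status=ok size=300
"""

LINE_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Turn one key=value log line into a dict with numeric ts and size."""
    fields = dict(LINE_RE.findall(line))
    fields["ts"] = int(fields.get("ts", 0))
    fields["size"] = int(fields.get("size", 0))
    return fields


def find_indicators(log_text, burst_threshold=5, window_s=10, size_limit=1_000_000):
    """Return sorted (kind, src) alerts: a source sending burst_threshold or more
    API requests inside a sliding window of window_s seconds, and any upload
    larger than size_limit (the same 1000000 bound the SIEM query uses)."""
    alerts = set()
    recent = defaultdict(list)  # src -> request timestamps still inside the window
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev.get("event") == "file_upload" and ev["size"] > size_limit:
            alerts.add(("large_upload", ev["src"]))
        if ev.get("event") == "api_request":
            recent[ev["src"]].append(ev["ts"])
            # Drop timestamps that have fallen out of the sliding window.
            recent[ev["src"]] = [t for t in recent[ev["src"]] if ev["ts"] - t < window_s]
            if len(recent[ev["src"]]) >= burst_threshold:
                alerts.add(("request_burst", ev["src"]))
    return sorted(alerts)


if __name__ == "__main__":
    for kind, src in find_indicators(SAMPLE_LOG):
        print(f"{kind}: {src}")
```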
