CVE-2026-20093 and CVE-2026-20160 are both CVSS 9.8 critical flaws (CWE-287, CWE-306) in Cisco IMC and Cisco SSM respectively, enabling unauthenticated remote attackers to bypass authentication and achieve root-level access with no credentials or user interaction required. Neither vulnerability is currently listed on CISA KEV and EPSS percentiles are low, but CVSS 9.8 with unauthenticated network access on infrastructure-layer products warrants immediate prioritization. Restrict IMC and SSM management interfaces to trusted management VLANs or jump hosts immediately and apply Cisco PSIRT-issued patches; verify affected version ranges directly from the Cisco Security Advisory portal before finalizing remediation scope.