Vulnerabilities in Supermicro BMC firmware, June 2026

Vulnerability Disclosure:

The purpose of this disclosure is to communicate the potential vulnerabilities affecting Supermicro products that were reported by an external researcher.

Acknowledgement:

Supermicro would like to acknowledge the work done by Coreweave Red Team and Hoang Bui from Coreweave, for discovering a potential vulnerability in the Supermicro BMC Firmware.

Summary:

A security issue has been discovered in select Supermicro boards. This issue affects Supermicro BMC Firmware.

CVE ID	Severity	Issue Type	Description
CVE-2026-3820	High	Command Injection	An attacker may obtain administrator privileges and inject specially crafted characters into the SMTP service configuration. This may cause the underlying system to execute unintended commands during process invocation. Potential impact includes denial-of-service attacks, arbitrary code execution, or permanent compromise of the controller. 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE ID

Severity

Issue Type

Description

CVE-2026-3820

High

Command Injection

An attacker may obtain administrator privileges and inject specially crafted characters into the SMTP service configuration. This may cause the underlying system to execute unintended commands during process invocation.

Potential impact includes denial-of-service attacks, arbitrary code execution, or permanent compromise of the controller.

7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected products:

CVE-2025-12006

CVE-2025-12006
Motherboard	BMC FW Version with the Fix
MBD-X14DBM-AP	01.07.00.11
MBD-BH4SRG	01.08.11
MBD-B4SA1-CPU	01.08.11
MBD-B4SC1-CPU	01.08.11
MBD-X14SBGM	01.06.00.11
MBD-X14DBG-MAP	01.06.00.11
MBD-G2DMH-GI	01.06.00.11
MBD-B3SD1-20C-25G	01.11.11
MBD-X14SBHM	01.06.00.11
MBD-B14DBE	01.06.00.11
MBD-B14SBE-CPU-25G	01.06.00.11
MBD-B14DBT	01.06.00.11
MBD-X14DBG-GD	01.06.00.11
MBD-X14DBG-XAP	01.06.00.11
MBD-X14SBT-GAP	01.06.00.11
MBD-X14SBT-G	01.06.00.11
MBD-H14DST-F	01.07.00.11
MBD-H14DST-FL	01.07.00.11
MBD-X14DBG-LC+	01.07.00.11
MBD-X14DBG-LC	01.07.00.11
MBD-H14DSG-OD	01.07.00.11
MBD-H14DSG-OM	01.07.00.11
MBD-B14SBE-CPU-AP	01.06.00.11

Remediation:

All affected Supermicro motherboard SKUs will require a BMC update to mitigate these potential vulnerabilities.

Updated BMC firmware has been created to mitigate these potential vulnerabilities. Supermicro is currently testing and validating affected products. Please check Release notes for the resolution.

Exploitation and Public Announcements:

Supermicro is not aware of any malicious use of these vulnerabilities in the wild.

Resources:

CVE-2026-3820

AI Infrastructure

Data Center Building Block Solutions® (DCBBS)

AI Factory

Edge AI

AI Storage

Industry AI Solutions

NVIDIA Solutions

AMD Solutions

Intel Solutions

Arm AGI Solutions

Rackmount Servers

1U Dual Processor

2U Dual Processor

Single Processor

Multi-Processor

Product Families

GPU Servers

8U/10U GPU Lines

4U/5U GPU Lines

2U GPU Lines

1U GPU Lines

Twin Servers

FlexTwin™

BigTwin®

GrandTwin®

TwinPro®

FatTwin®

Blade Servers

SuperBlade®

MicroBlade®

MicroCloud

Storage Servers

All Storage Systems

All-Flash NVMe

Top-Loading Storage

JBOF

Petascale Grace Storage

Enterprise-Optimized Storage

JBOD Storage Enclosures

Motherboards

Server Boards

Workstation Boards

Embedded / IoT Boards

Desktop / Gaming Boards

Motherboard Matrix

Global SKUs

Chassis

1U Chassis

2U Chassis

3U Chassis

4U / Tower Chassis

Mid / Mini-Tower

Embedded / IoT Chassis

Mobile Racks / Drive Kits

JBOD Storage Enclosures

Global SKUs

SuperRack®

Rack Integration Service

Accessories

Cable Matrix

Riser Card Matrix

Storage AOC Matrix

Power Supply Matrix

Heatsink Matrix

System Fan Matrix

Mobile Racks / Drive Kits

Front Chassis Bezels

Storage, I/O, Security

Edge AI and IoT Systems

Compact Edge Systems

Compact Edge Servers

Rackmount Edge Servers

Embedded Components

Embedded Motherboards

Embedded Chassis

Switches

Adapters

SuperWorkstations

Liquid-Cooled AI Development Platform

Single-Processor