wid-sec-w-2026-0874 · Published 2026-03-25 · View on BSI CERT-Bund ↗

Cisco IOS and IOS XE Software: Multiple Vulnerabilities

CVSS 8.6 HIGH

Risk Summary

A vulnerability in the TLS library of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to exhaust the available memory of an affected device. This vulnerability is due to improper management of memory resources during TLS connection setup. An attacker could exploit this vulnerability by repeatedly triggering the conditions that cause the memory increase. This could be done in a variety of ways, such as by repeatedly attempting Extensible Authentication Protocol (EAP) authentication when local EAP is enabled on an affected device or by using a machine-in-the-middle attack and resetting TLS connections between the affected device and other devices. A successful exploit could allow the attacker to exhaust the available memory on an affected device, resulting in an unexpected reload and a denial of service (DoS) condition. A vulnerability in the processing of Control and Provisioning of Wireless Access Points (CAPWAP) packets of Cisco IOS XE Wireless Controller Software for the Catalyst CW9800 Family could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of a malformed CAPWAP packet. An attacker could exploit this vulnerability by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload unexpectedly, resulting in a DoS condition. A vulnerability in the web-based Cisco IOx application hosting environment management interface of Cisco IOS XE Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid administrative credentials.

CVEs (11)

CVE-2026-20004 CVE-2026-20084 CVE-2026-20086 CVE-2026-20104 CVE-2026-20112 CVE-2026-20113 CVE-2026-20114 CVE-2026-20115 CVE-2026-20125 CVE-2026-20083 CVE-2026-20110

Affected Vendors

Cisco

Affected Products (9)

Cisco · IOS Software Release 3E

Cisco · IOS XE Lobby Ambassador

Cisco · IOS XE Catalyst 9000 Switches

Cisco · IOS XE Wireless Controller Catalyst CW9800

Cisco · IOS XE Catalyst

Cisco · IOS XE Rugged Series Switch

Cisco · IOS XE IOx Application

Cisco · IOS XE Secure Channel for Meraki

Cisco · IOS XE Software Release 3E

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more