CVE-2026-20107
Received Received - Intake
Insufficient Input Validation in Cisco APIC CLI Causes DoS

Publication date: 2026-02-25

Last updated on: 2026-02-25

Assigner: Cisco Systems, Inc.

Description
A vulnerability in the Object Model CLI component of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, local attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. To exploit this vulnerability, the attacker must have valid user credentials and any role that includes CLI access. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by issuing crafted commands at the CLI prompt. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-25
Last Modified
2026-02-25
Generated
2026-06-16
AI Q&A
2026-02-25
EPSS Evaluated
2026-06-14
NVD
CVE-2026-20107
EUVD
EUVD-2026-8672
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
cisco application_policy_infrastructure_controller *
cisco application_policy_infrastructure_controller From 6.1 (inc) to 6.1(4h) (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1220 The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Object Model CLI component of Cisco Application Policy Infrastructure Controller (APIC). It allows an authenticated local attacker, who has any role with CLI access, to cause the affected device to reload unexpectedly. This happens because of insufficient input validation, which means the attacker can issue specially crafted commands at the CLI prompt to trigger the device reload.

Impact Analysis

The primary impact of this vulnerability is a denial of service (DoS) condition. An attacker with valid credentials and CLI access can cause the device to reload unexpectedly, disrupting normal operations and potentially causing downtime.

Compliance Impact

I don't know

Detection Guidance

This vulnerability requires an authenticated local attacker with CLI access to exploit it by issuing specially crafted commands at the CLI prompt. Detection would involve monitoring for unusual or unexpected CLI commands that could trigger a device reload.

However, no specific detection commands or network detection methods are provided in the available information.

Mitigation Strategies

Cisco recommends upgrading to the fixed software releases to fully remediate this vulnerability.

  • Ensure that only trusted users have CLI access, as the attacker must have valid user credentials and CLI access.
  • Monitor for any unexpected device reloads that could indicate exploitation attempts.

No workarounds are available, so applying the software update is the primary mitigation step.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-20107. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart