CVE-2026-20074
Received Received - Intake
IS-IS Packet Validation Flaw in Cisco IOS XR Causes DoS

Publication date: 2026-03-11

Last updated on: 2026-03-11

Assigner: Cisco Systems, Inc.

Description
A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) multi-instance routing feature of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the IS-IS process to restart unexpectedly. This vulnerability is due to insufficient input validation of ingress IS-IS packets. An attacker could exploit this vulnerability by sending crafted IS-IS packets to an affected device after forming an adjacency. A successful exploit could allow the attacker to cause the IS-IS process to restart unexpectedly, resulting in a temporary loss of connectivity to advertised networks and a denial of service (DoS) condition. Note: The IS-IS protocol is a routing protocol. To exploit this vulnerability, an attacker must be Layer 2-adjacent to the affected device and must have formed an adjacency.  
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-11
Last Modified
2026-03-11
Generated
2026-06-16
AI Q&A
2026-03-11
EPSS Evaluated
2026-06-15
NVD
CVE-2026-20074
EUVD
EUVD-2026-11219
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
cisco ios_xr_software From 7.8 (inc) to 25.2.2 (exc)
cisco ios_xr_software 25.2.2
cisco ios_xr_software *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1287 The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-20074 is a high-severity vulnerability in the Intermediate System-to-Intermediate System (IS-IS) multi-instance routing feature of Cisco IOS XR Software.

It occurs because of insufficient input validation of incoming IS-IS packets, which allows an unauthenticated attacker who is Layer 2-adjacent and has formed an IS-IS adjacency with the device to send specially crafted packets.

Exploiting this vulnerability causes the IS-IS process to restart unexpectedly, leading to a temporary loss of connectivity to advertised networks and resulting in a denial of service (DoS) condition.

Impact Analysis

This vulnerability can impact you by causing the IS-IS routing process on affected Cisco IOS XR devices to restart unexpectedly.

Such a restart results in a temporary loss of network connectivity to the networks advertised by the device, effectively causing a denial of service (DoS) condition.

This can disrupt network operations and availability, potentially affecting business continuity and network reliability.

Compliance Impact

I don't know

Detection Guidance

To verify if a device is vulnerable to CVE-2026-20074, you can check if the IS-IS multi-instance routing feature is enabled and if an instance-id is configured.

  • Use the command: show running-config router isis | include instance-id

The presence of an instance-id in the output indicates that the device is running a vulnerable configuration.

Mitigation Strategies

There are no direct workarounds to fully mitigate this vulnerability immediately.

However, configuring IS-IS area authentication can mitigate the risk by requiring attackers to authenticate before forming an adjacency.

This mitigation has been tested successfully but may impact network functionality and should be evaluated carefully before deployment.

Cisco strongly recommends upgrading to fixed software versions starting from 25.2.2 and later to fully remediate the vulnerability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-20074. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart