CVE-2026-20074
IS-IS Packet Validation Flaw in Cisco IOS XR Causes DoS
Publication date: 2026-03-11
Last updated on: 2026-03-11
Assigner: Cisco Systems, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cisco | ios_xr_software | From 7.8 (inc) to 25.2.2 (exc) |
| cisco | ios_xr_software | 25.2.2 |
| cisco | ios_xr_software | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1287 | The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-20074 is a high-severity vulnerability in the Intermediate System-to-Intermediate System (IS-IS) multi-instance routing feature of Cisco IOS XR Software.
It occurs because of insufficient input validation of incoming IS-IS packets, which allows an unauthenticated attacker who is Layer 2-adjacent and has formed an IS-IS adjacency with the device to send specially crafted packets.
Exploiting this vulnerability causes the IS-IS process to restart unexpectedly, leading to a temporary loss of connectivity to advertised networks and resulting in a denial of service (DoS) condition.
How can this vulnerability impact me?
This vulnerability can impact you by causing the IS-IS routing process on affected Cisco IOS XR devices to restart unexpectedly.
Such a restart results in a temporary loss of network connectivity to the networks advertised by the device, effectively causing a denial of service (DoS) condition.
This can disrupt network operations and availability, potentially affecting business continuity and network reliability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
To verify if a device is vulnerable to CVE-2026-20074, you can check if the IS-IS multi-instance routing feature is enabled and if an instance-id is configured.
- Use the command: `show running-config router isis | include instance-id`
The presence of an instance-id in the output indicates that the device is running a vulnerable configuration.
What immediate steps should I take to mitigate this vulnerability?
There are no direct workarounds to fully mitigate this vulnerability immediately.
However, configuring IS-IS area authentication can mitigate the risk by requiring attackers to authenticate before forming an adjacency.
This mitigation has been tested successfully but may impact network functionality and should be evaluated carefully before deployment.
Cisco strongly recommends upgrading to a fixed software release (25.2.2 or later) to fully remediate the vulnerability.
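The `instance-id` check and the authentication mitigation described above, applied to a saved running-config backup, as an added example that is not part of the original page or of Cisco's advisory. It attributes each `instance-id` to its `router isis` process and records whether authentication lines are present; it assumes `lsp-password` and `hello-password` are the IOS XR commands used for IS-IS authentication, and the sample configuration and function names are constructed for illustration.

```python
import re
# Assumption: these IOS XR keywords mark IS-IS authentication in the config.
AUTH_KEYWORDS = ("lsp-password", "hello-password")

# Constructed sample of a saved running-config (not from a real device).
SAMPLE_CONFIG = """\
interface Loopback0
 description instance-id lab note
!
router isis CORE
 net 49.0001.0000.0000.0001.00
 instance-id 10
!
router isis ACCESS
 net 49.0002.0000.0000.0001.00
 instance-id 20
 lsp-password hmac-md5 encrypted 0123456789
 interface GigabitEthernet0/0/0/1
  hello-password hmac-md5 encrypted 0123456789
 !
!
router isis LEGACY
 net 49.0003.0000.0000.0001.00
!
"""

def audit_isis(config_text):
    """Return one finding per 'router isis' process in a saved config."""
    findings, current = [], None
    for raw in config_text.splitlines():
        if raw and not raw[0].isspace():
            # Column-0 line: a top-level stanza starts, or '!' closes one.
            m = re.match(r"router isis (\S+)\s*$", raw)
            current = {"process": m.group(1), "instance_id": None, "auth": []} if m else None
            findings += [current] if m else []
            continue
        if current is None:
            continue  # indented line outside any IS-IS stanza
        keyword, _, rest = raw.strip().partition(" ")
        if keyword == "instance-id" and rest.isdigit():
            current["instance_id"] = int(rest)
        elif keyword in AUTH_KEYWORDS:
            current["auth"].append(keyword)  # keep the keyword, never the secret
    return findings

def multi_instance_without_auth(findings):
    """Processes with an instance-id configured and no authentication lines."""
    return [f["process"] for f in findings if f["instance_id"] is not None and not f["auth"]]
```

A process that has authentication lines still matches the vulnerable configuration; the second function only shows where the mitigation is absent.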