CVE-2026-20114
Privilege Escalation in Cisco IOS XE Lobby Ambassador API
Publication date: 2026-03-25
Last updated on: 2026-03-25
Assigner: Cisco Systems, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cisco | ios_xe | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1286 | The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
To detect if a device is affected by this vulnerability, you can check the device configuration for the presence of Lobby Ambassador settings.
- Use the command `show running-config | include lobby-admin` on the Cisco IOS XE device.
If the output includes the string `type lobby-admin`, it indicates that the device is vulnerable.
What immediate steps should I take to mitigate this vulnerability?
There are no available workarounds for this vulnerability.
Cisco strongly recommends upgrading to fixed Cisco IOS XE Software releases to fully remediate the issue.
Before upgrading, verify device configurations and compatibility.
For further assistance and to obtain fixed software, contact Cisco Technical Assistance Center (TAC).
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify how this vulnerability directly affects compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
This vulnerability exists in the Lobby Ambassador web-based management API of Cisco IOS XE Software. It allows an authenticated remote attacker to elevate their privileges by exploiting insufficient validation of parameters received by an API endpoint.
An attacker who is already authenticated as a Lobby Ambassador user can send a specially crafted HTTP request to the affected device. This can result in the attacker creating a new user account with privilege level 1 access to the web-based management API.
With these new credentials and elevated privileges, the attacker can access management APIs that are normally not available to Lobby Ambassador users.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing an attacker who has some level of authenticated access to escalate their privileges and gain broader control over the device's management APIs.
The attacker could create new user accounts with elevated privileges, potentially leading to unauthorized access to sensitive management functions.
This could result in unauthorized configuration changes, exposure of sensitive information, or disruption of device operations.