CVE-2026-20114
Received Received - Intake
Privilege Escalation in Cisco IOS XE Lobby Ambassador API

Publication date: 2026-03-25

Last updated on: 2026-03-25

Assigner: Cisco Systems, Inc.

Description
A vulnerability in the Lobby Ambassador web-based management API of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate their privileges and access management APIs that would not normally be available for Lobby Ambassador users. This vulnerability exists because parameters that are received by an API endpoint are not sufficiently validated. An attacker could exploit this vulnerability by authenticating as a Lobby Ambassador user and sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to create a new user with privilege level 1 access to the web-based management API. The attacker would then be able to access the device with these new credentials and privileges.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-25
Last Modified
2026-03-25
Generated
2026-06-16
AI Q&A
2026-03-25
EPSS Evaluated
2026-06-15
NVD
CVE-2026-20114
EUVD
EUVD-2026-15445
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
cisco ios_xe *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1286 The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not specify how this vulnerability directly affects compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

This vulnerability exists in the Lobby Ambassador web-based management API of Cisco IOS XE Software. It allows an authenticated remote attacker to elevate their privileges by exploiting insufficient validation of parameters received by an API endpoint.

An attacker who is already authenticated as a Lobby Ambassador user can send a specially crafted HTTP request to the affected device. This can result in the attacker creating a new user account with privilege level 1 access to the web-based management API.

With these new credentials and elevated privileges, the attacker can access management APIs that are normally not available to Lobby Ambassador users.

Impact Analysis

This vulnerability can impact you by allowing an attacker who has some level of authenticated access to escalate their privileges and gain broader control over the device's management APIs.

The attacker could create new user accounts with elevated privileges, potentially leading to unauthorized access to sensitive management functions.

This could result in unauthorized configuration changes, exposure of sensitive information, or disruption of device operations.

Detection Guidance

To detect if a device is affected by this vulnerability, you can check the device configuration for the presence of Lobby Ambassador settings.

  • Use the command `show running-config | include lobby-admin` on the Cisco IOS XE device.

If the output includes the string `type lobby-admin`, it indicates that the device is vulnerable.

Mitigation Strategies

There are no available workarounds for this vulnerability.

Cisco strongly recommends upgrading to fixed Cisco IOS XE Software releases to fully remediate the issue.

Before upgrading, verify device configurations and compatibility.

For further assistance and to obtain fixed software, contact Cisco Technical Assistance Center (TAC).

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-20114. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart