CVE-2026-20125
Received Received - Intake
Improper Input Validation in Cisco IOS HTTP Server Causes DoS

Publication date: 2026-03-25

Last updated on: 2026-03-25

Assigner: Cisco Systems, Inc.

Description
A vulnerability in the HTTP Server feature of Cisco IOS Software and Cisco IOS XE Software Release 3E could allow an authenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending malformed HTTP requests to an affected device. A successful exploit could allow the attacker to cause a watchdog timer to expire and the device to reload, resulting in a DoS condition. To exploit this vulnerability, the attacker must have a valid user account.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-25
Last Modified
2026-03-25
Generated
2026-06-16
AI Q&A
2026-03-25
EPSS Evaluated
2026-06-15
NVD
CVE-2026-20125
EUVD
EUVD-2026-15449
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
cisco ios_software 3e
cisco ios_xe_software 3e
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-228 The product does not handle or incorrectly handles input that is not syntactically well-formed with respect to the associated specification.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the HTTP Server feature of Cisco IOS and Cisco IOS XE Software Release 3E. It allows an authenticated remote attacker to cause the affected device to reload unexpectedly, leading to a denial of service (DoS) condition.

The root cause is improper validation of user-supplied input. An attacker can exploit this by sending malformed HTTP requests to the device. If successful, this triggers a watchdog timer expiration, causing the device to reload.

To exploit this vulnerability, the attacker must have a valid user account on the device.

Impact Analysis

The primary impact of this vulnerability is a denial of service (DoS) condition. An attacker with valid credentials can cause the affected device to reload unexpectedly, disrupting network operations and potentially causing downtime.

Mitigation Strategies

To mitigate this vulnerability, ensure that only trusted and authenticated users have access to the affected Cisco IOS and IOS XE devices, as exploitation requires valid user credentials.

Additionally, monitor for malformed HTTP requests that could trigger the vulnerability and consider applying any available software updates or patches from Cisco that address this issue.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Detection Guidance

To detect this vulnerability on your device, you should verify if the HTTP Server feature is enabled and if the WEB_EXEC module is active.

  • Run the command `show running-config | include ip http server|secure` to check if the HTTP Server is enabled. The presence of `ip http server` or `ip http secure-server` indicates it is enabled.
  • Run the command `show ip http server session-module | include Status|WEB_EXEC` to verify if the WEB_EXEC module is active. If the Status (for HTTP) or Secure-status (for HTTPS) of WEB_EXEC is "Active," the device is vulnerable.

Devices with only HTTPS enabled and WEB_EXEC inactive are not vulnerable.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-20125. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart