PatchSiren cyber security CVE debrief
CVE-2026-20074 Cisco CVE debrief
A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) multi-instance routing feature of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the IS-IS process to restart unexpectedly. This vulnerability is due to insufficient input validation of ingress IS-IS packets. An attacker could exploit this vulnerability by sending crafted IS-IS packets to an affected device after forming an adjacency. A successful exploit could allow the attacker to cause the IS-IS process to restart unexpectedly, resulting in a temporary loss of connectivity to advertised networks and a denial of service (DoS) condition.
- Vendor
- Cisco
- Product
- IOS XR Software
- CVSS
- HIGH 7.4
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-03-11
- Original CVE updated
- 2026-07-08
- Advisory published
- 2026-03-11
- Advisory updated
- 2026-07-08
Who should care
Network administrators and security teams responsible for Cisco IOS XR Software deployments, particularly those using the IS-IS protocol, should be aware of this vulnerability and take necessary precautions to mitigate the risk.
Technical summary
The vulnerability is caused by insufficient input validation of ingress IS-IS packets in the IS-IS multi-instance routing feature of Cisco IOS XR Software. An unauthenticated, adjacent attacker can exploit this vulnerability by sending crafted IS-IS packets to an affected device after forming an adjacency, potentially causing the IS-IS process to restart unexpectedly and resulting in a temporary loss of connectivity to advertised networks and a denial of service (DoS) condition.
Defensive priority
High priority should be given to patching or mitigating this vulnerability, as it can be exploited by an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition.
Recommended defensive actions
- Apply the vendor-provided patch or update to affected Cisco IOS XR Software versions.
- Implement compensating controls, such as ingress filtering, to prevent crafted IS-IS packets from reaching the affected device.
- Monitor IS-IS process logs for unexpected restarts and investigate any suspicious activity.
- Verify that IS-IS adjacencies are properly configured and limit the number of adjacencies to trusted sources.
- Review network segmentation and isolation controls to prevent lateral movement.
- Conduct regular security audits and vulnerability assessments.
- Track and verify patch deployment and vulnerability mitigation progress.
Evidence notes
The CVE record was published on 2026-03-11T17:16:55.470Z and was last modified on 2026-07-08T19:07:12.303Z. The NVD entry is currently Analyzed. Cisco has provided a mitigation or vendor reference for this vulnerability.
Official resources
-
CVE-2026-20074 CVE record
CVE.org
-
CVE-2026-20074 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Mitigation, Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-03-11T17:16:55.470Z and has not been modified since then. The NVD entry is currently Analyzed.