PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-20074 Cisco CVE debrief

A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) multi-instance routing feature of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the IS-IS process to restart unexpectedly. This vulnerability is due to insufficient input validation of ingress IS-IS packets. An attacker could exploit this vulnerability by sending crafted IS-IS packets to an affected device after forming an adjacency. A successful exploit could allow the attacker to cause the IS-IS process to restart unexpectedly, resulting in a temporary loss of connectivity to advertised networks and a denial of service (DoS) condition.

Vendor
Cisco
Product
IOS XR Software
CVSS
HIGH 7.4
CISA KEV
Not listed in stored evidence
Original CVE published
2026-03-11
Original CVE updated
2026-07-08
Advisory published
2026-03-11
Advisory updated
2026-07-08

Who should care

Network administrators and security teams responsible for Cisco IOS XR Software deployments, particularly those using the IS-IS protocol, should be aware of this vulnerability and take necessary precautions to mitigate the risk.

Technical summary

The vulnerability is caused by insufficient input validation of ingress IS-IS packets in the IS-IS multi-instance routing feature of Cisco IOS XR Software. An unauthenticated, adjacent attacker can exploit this vulnerability by sending crafted IS-IS packets to an affected device after forming an adjacency, potentially causing the IS-IS process to restart unexpectedly and resulting in a temporary loss of connectivity to advertised networks and a denial of service (DoS) condition.

Defensive priority

High priority should be given to patching or mitigating this vulnerability, as it can be exploited by an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition.

Recommended defensive actions

  • Apply the vendor-provided patch or update to affected Cisco IOS XR Software versions.
  • Implement compensating controls, such as ingress filtering, to prevent crafted IS-IS packets from reaching the affected device.
  • Monitor IS-IS process logs for unexpected restarts and investigate any suspicious activity.
  • Verify that IS-IS adjacencies are properly configured and limit the number of adjacencies to trusted sources.
  • Review network segmentation and isolation controls to prevent lateral movement.
  • Conduct regular security audits and vulnerability assessments.
  • Track and verify patch deployment and vulnerability mitigation progress.

Evidence notes

The CVE record was published on 2026-03-11T17:16:55.470Z and was last modified on 2026-07-08T19:07:12.303Z. The NVD entry is currently Analyzed. Cisco has provided a mitigation or vendor reference for this vulnerability.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-03-11T17:16:55.470Z and has not been modified since then. The NVD entry is currently Analyzed.