Cisco
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in any Cisco product.
RSS Feeds for Cisco security vulnerabilities
Create a CVE RSS feed including security vulnerabilities found in Cisco products with stack.watch. Just hit watch, then grab your custom RSS feed url.
Products by Cisco Sorted by Most Security Vulnerabilities since 2018
Cisco Internetwork Operating System (IOS)211 vulnerabilities
Cisco Internetwork Operating System (IOS) is a family of network operating systems used on many Cisco Systems routers and current Cisco network switches.
Recent Cisco Security Advisories
| Advisory | Title | Published |
|---|---|---|
| 2026-03-25 | Cisco IOS XE Software Secure Channel for Meraki Information Disclosure Vulnerability | March 25, 2026 |
| 2026-03-25 | Cisco IOS XE Software for Catalyst 9000 Series Switches DHCP Snooping Denial of Service Vulnerability | March 25, 2026 |
| 2026-03-25 | Cisco IOx Application Hosting Environment Stored Cross-Site Scripting Vulnerability | March 25, 2026 |
| 2026-03-25 | Cisco IOS XE Software for Cisco Catalyst and Rugged Series Switches Secure Boot Bypass Vulnerability | March 25, 2026 |
| 2026-03-25 | Cisco IOS XE Software Secure Copy Protocol Server Denial of Service Vulnerability | March 25, 2026 |
| 2026-03-25 | Cisco IOx Application Hosting Environment Carriage Return Line Feed Injection Vulnerability | March 25, 2026 |
| 2026-03-25 | Cisco IOS Software and IOS XE Software Release 3E HTTP Server Denial of Service Vulnerability | March 25, 2026 |
| 2026-03-25 | Cisco IOS XE Software TLS Memory Exhaustion Denial of Service Vulnerability | March 25, 2026 |
| 2026-03-25 | Cisco IOS XE Software Denial of Service Vulnerability | March 25, 2026 |
| 2026-03-25 | Cisco IOS XE Software Lobby Ambassador Privilege Escalation Vulnerability | March 25, 2026 |
Known Exploited Cisco Vulnerabilities
The following Cisco vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewa |
Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management contain a deserialization of untrusted data vulnerability in the web-based management interface that could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device. CVE-2026-20131 Exploit Probability: 0.7% |
March 19, 2026 |
| Cisco SD-WAN Path Traversal Vulnerability |
Cisco SD-WAN CLI contains a path traversal vulnerability that could allow an authenticated local attacker to gain elevated privileges via improper access controls on commands within the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user. CVE-2022-20775 Exploit Probability: 0.3% |
February 25, 2026 |
| Cisco Catalyst SD-WAN Controller and Manager Authentication Bypass Vulnerability |
Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, contain an authentication bypass vulnerability could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system. This vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to an affec CVE-2026-20127 Exploit Probability: 0.9% |
February 25, 2026 |
| Cisco Unified Communications Products Code Injection Vulnerability |
Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance contain a code injection vulnerability that could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. CVE-2026-20045 Exploit Probability: 1.0% |
January 21, 2026 |
| Cisco Multiple Products Improper Input Validation Vulnerability |
Cisco Secure Email Gateway, Secure Email, AsyncOS Software, and Web Manager appliances contains an improper input validation vulnerability that allows threat actors to execute arbitrary commands with root privileges on the underlying operating system of an affected appliance. CVE-2025-20393 Exploit Probability: 6.1% |
December 17, 2025 |
| Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability |
Cisco IOS and IOS XE contains a stack-based buffer overflow vulnerability in the Simple Network Management Protocol (SNMP) subsystem that could allow for denial of service or remote code execution. A successful exploit could allow a low-privileged attacker to cause the affected system to reload, resulting in a DoS condition, or allow a high-privileged attacker to execute arbitrary code as the root user and obtain full control of the affected system. CVE-2025-20352 Exploit Probability: 2.0% |
September 29, 2025 |
| Cisco Secure Firewall Adaptive Security (ASA) Appliance and Secure Firewall Threat Defense (FTD) Mis |
Cisco Secure Firewall Adaptive Security (ASA) Appliance and Secure Firewall Threat Defense (FTD) Software VPN Web Server contain a missing authorization vulnerability. This vulnerability could be chained with CVE-2025-20333. CVE-2025-20362 Exploit Probability: 43.6% |
September 25, 2025 |
| Cisco Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) Buf |
Cisco Secure Firewall Adaptive Security (ASA) Appliance and Secure Firewall Threat Defense (FTD) Software VPN Web Server contain a buffer overflow vulnerability that allows for remote code execution. This vulnerability could be chained with CVE-2025-20362. CVE-2025-20333 Exploit Probability: 18.8% |
September 25, 2025 |
| Cisco Identity Services Engine Injection Vulnerability |
Cisco Identity Services Engine contains an injection vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC due to insufficient validation of user-supplied input allowing an attacker to exploit this vulnerability by submitting a crafted API request. Successful exploitation could allow an attacker to perform remote code execution and obtaining root privileges on an affected device. CVE-2025-20337 Exploit Probability: 0.7% |
July 28, 2025 |
| Cisco Identity Services Engine Injection Vulnerability |
Cisco Identity Services Engine contains an injection vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC due to insufficient validation of user-supplied input allowing an attacker to exploit this vulnerability by submitting a crafted API request. Successful exploitation could allow an attacker to perform remote code execution and obtaining root privileges on an affected device. CVE-2025-20281 Exploit Probability: 30.4% |
July 28, 2025 |
| Cisco Smart Licensing Utility Static Credential Vulnerability |
Cisco Smart Licensing Utility contains a static credential vulnerability that allows an unauthenticated, remote attacker to log in to an affected system and gain administrative credentials. CVE-2024-20439 Exploit Probability: 86.3% |
March 31, 2025 |
| Cisco Small Business RV Series Routers Command Injection Vulnerability |
Multiple Cisco Small Business RV Series Routers contains a command injection vulnerability in the web-based management interface. Successful exploitation could allow an authenticated, remote attacker to gain root-level privileges and access unauthorized data. CVE-2023-20118 Exploit Probability: 3.9% |
March 3, 2025 |
| Cisco Adaptive Security Appliance (ASA) Cross-Site Scripting (XSS) Vulnerability |
Cisco Adaptive Security Appliance (ASA) contains a cross-site scripting (XSS) vulnerability in the WebVPN login page. This vulnerability allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter. CVE-2014-2120 Exploit Probability: 63.9% |
November 12, 2024 |
| Cisco ASA and FTD Denial-of-Service Vulnerability |
Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain a missing release of resource after effective lifetime vulnerability that could allow an unauthenticated, remote attacker to cause a denial-of-service (DoS) of the RAVPN service. CVE-2024-20481 Exploit Probability: 11.1% |
October 24, 2024 |
| Cisco NX-OS Command Injection Vulnerability |
Cisco NX-OS contains a command injection vulnerability in the command line interface (CLI) that could allow an authenticated, local attacker to execute commands as root on the underlying operating system of an affected device. CVE-2024-20399 Exploit Probability: 0.8% |
July 2, 2024 |
| Cisco ASA and FTD Privilege Escalation Vulnerability |
Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain a privilege escalation vulnerability that can allow local privilege escalation from Administrator to root. CVE-2024-20359 Exploit Probability: 0.2% |
April 24, 2024 |
| Cisco ASA and FTD Denial of Service Vulnerability |
Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an infinite loop vulnerability that can lead to remote denial of service condition. CVE-2024-20353 Exploit Probability: 24.4% |
April 24, 2024 |
| Cisco ASA and FTD Information Disclosure Vulnerability |
Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an information disclosure vulnerability. An attacker could retrieve memory contents on an affected device, which could lead to the disclosure of confidential information due to a buffer tracking issue when the software parses invalid URLs that are requested from the web services interface. This vulnerability affects only specific AnyConnect and WebVPN configurations. CVE-2020-3259 Exploit Probability: 69.7% |
February 15, 2024 |
| Cisco IOS XE Web UI Unspecified Vulnerability |
Cisco IOS XE contains an unspecified vulnerability in the web user interface. When chained with CVE-2023-20198, the attacker can leverage the new local user to elevate privilege to root and write the implant to the file system. Cisco identified CVE-2023-20273 as the vulnerability exploited to deploy the implant. CVE-2021-1435, previously associated with the exploitation events, is no longer believed to be related to this activity. CVE-2023-20273 Exploit Probability: 92.4% |
October 23, 2023 |
| Cisco IOS XE Web UI Command Injection Vulnerability |
Cisco IOS XE contains a command injection vulnerability in the web user interface that could allow a remote, authenticated attacker to inject commands that can be executed as the root user. CVE-2021-1435 Exploit Probability: 0.4% |
October 19, 2023 |
Of the known exploited vulnerabilities above, 2 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings. 6 known exploited Cisco vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.
Top 10 Riskiest Cisco Vulnerabilities
Based on the current exploit probability, these Cisco vulnerabilities are on CISA's Known Exploited vulnerabilities list (KEV) and are ranked by the current EPSS exploit probability.
| Rank | CVE | EPSS | Vulnerability |
|---|---|---|---|
| 1 | CVE-2020-3452 | 94.5% | Cisco Adaptive Security Appliance and Cisco Fire Power Threat Defense directory traversal sensitive |
| 2 | CVE-2018-0296 | 94.4% | Cisco Adaptive Security Appliance Firepower Threat Defense Denial-of-Service/Directory Traversal vul |
| 3 | CVE-2019-1653 | 94.4% | Cisco RV320 and RV325 Routers Improper Access Control Vulnerability (COVID-19-CTI list) |
| 4 | CVE-2021-1497 | 94.4% | Cisco HyperFlex HX Command Injection Vulnerabilities |
| 5 | CVE-2017-3881 | 94.3% | Cisco IOS and IOS XE Remote Code Execution Vulnerability |
| 6 | CVE-2021-1498 | 94.2% | Cisco HyperFlex HX Command Injection Vulnerabilities |
| 7 | CVE-2023-20198 | 94.0% | Cisco IOS XE Web UI Privilege Escalation Vulnerability |
| 8 | CVE-2018-0171 | 93.0% | Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability |
| 9 | CVE-2019-1652 | 93.0% | Cisco Small Business Routers Improper Input Validation Vulnerability |
| 10 | CVE-2016-6415 | 93.0% | Cisco IOS, IOS XR, and IOS XE IKEv1 Information Disclosure Vulnerability |
By the Year
In 2026 there have been 93 vulnerabilities in Cisco with an average score of 6.5 out of ten. Last year, in 2025 Cisco had 218 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Cisco in 2026 could surpass last years number. Last year, the average CVE base score was greater by 0.19
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 93 | 6.50 |
| 2025 | 218 | 6.69 |
| 2024 | 366 | 6.74 |
| 2023 | 271 | 6.83 |
| 2022 | 323 | 6.91 |
| 2021 | 620 | 6.82 |
| 2020 | 354 | 6.85 |
| 2019 | 524 | 6.78 |
| 2018 | 373 | 7.51 |
It may take a day or so for new Cisco vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Cisco Security Vulnerabilities
| CVE | Date | Vulnerability | Products |
|---|---|---|---|
| CVE-2026-20108 | Mar 25, 2026 |
Cisco SDWAN Manager Authenticated XSS in Web UIA vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of the web-based management interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. |
Catalyst Sd Wan Manager
|
| CVE-2026-20112 | Mar 25, 2026 |
Cisco IOS XE XSS in Web-Based Management InterfaceA vulnerability in the web-based Cisco IOx application hosting environment management interface of Cisco IOS XE Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid administrative credentials. |
IOS XE
|
| CVE-2026-20113 | Mar 25, 2026 |
Cisco IOS XE CRLF Injection in IOx Management InterfaceA vulnerability in the web-based Cisco IOx application hosting environment management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a carriage return line feed (CRLF) injection attack against a user. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by sending crafted packets to an affected device. A successful exploit could allow the attacker to arbitrarily inject log entries, manipulate the structure of log files, or obscure legitimate log events. |
IOS XE
|
| CVE-2026-20114 | Mar 25, 2026 |
Privilege Escalation via Lobby Ambassador API in Cisco IOS XEA vulnerability in the Lobby Ambassador web-based management API of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate their privileges and access management APIs that would not normally be available for Lobby Ambassador users. This vulnerability exists because parameters that are received by an API endpoint are not sufficiently validated. An attacker could exploit this vulnerability by authenticating as a Lobby Ambassador user and sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to create a new user with privilege level 1 access to the web-based management API. The attacker would then be able to access the device with these new credentials and privileges. |
IOS XE
|
| CVE-2026-20115 | Mar 25, 2026 |
Cisco Meraki IOS XE Remote Config Leak via Insecure TunnelA vulnerability in Cisco IOS XE Software for Cisco Meraki could allow a remote, unauthenticated attacker to view confidential device information. This vulnerability is due to a device configuration upload being performed over an insecure tunnel. An attacker could exploit this vulnerability by conducting an on-path attack between the affected device and the Cisco Meraki Dashboard. A successful exploit could allow the attacker to view sensitive device configuration information. |
IOS XE
|
| CVE-2026-20083 | Mar 25, 2026 |
SCP Server DoS via Malformed SSH on Cisco IOS XEA vulnerability in the Secure Copy Protocol (SCP) server feature of Cisco IOS XE Software could allow an authenticated, local attacker with low privileges to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of a malformed SCP request. An attacker could exploit this vulnerability by issuing a crafted command through SSH. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition. |
IOS XE
|
| CVE-2026-20110 | Mar 25, 2026 |
Cisco IOS XE CLI DoS via start maintenance cmdA vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because incorrect privileges are associated with the start maintenance command. An attacker could exploit this vulnerability by accessing the management CLI of the affected device as a low-privileged user and using the start maintenance command. A successful exploit could allow the attacker to put the device in maintenance mode, which shuts down interfaces, resulting in a denial of service (DoS) condition. In case of exploitation, a device administrator can connect to the CLI and use the stop maintenance command to restore operations. |
IOS XE
|
| CVE-2026-20104 | Mar 25, 2026 |
Cisco IOS XE Bootloader Code Execution (CVE-2026-20104)A vulnerability in the bootloader of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches, Cisco Catalyst ESS9300 Embedded Series Switches, Cisco Catalyst IE9310 and IE9320 Rugged Series Switches, and Cisco IE3500 and IE3505 Rugged Series Switches could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to an affected device to execute arbitrary code at boot time and break the chain of trust. This vulnerability is due to insufficient validation of software at boot time. An attacker could exploit this vulnerability by manipulating the loaded binaries on an affected device to bypass some of the integrity checks that are performed during the boot process. A successful exploit could allow the attacker to execute code that bypasses the requirement to run Cisco-signed images. Cisco has assigned this security advisory a Security Impact Rating (SIR) of High rather than Medium as the score indicates because this vulnerability allows an attacker to bypass a major security feature of a device. |
IOS XE
|
| CVE-2026-20004 | Mar 25, 2026 |
Cisco IOS XE TLS Memory Exhaust DoS via EAPA vulnerability in the TLS library of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to exhaust the available memory of an affected device. This vulnerability is due to improper management of memory resources during TLS connection setup. An attacker could exploit this vulnerability by repeatedly triggering the conditions that cause the memory increase. This could be done in a variety of ways, such as by repeatedly attempting Extensible Authentication Protocol (EAP) authentication when local EAP is enabled on an affected device or by using a machine-in-the-middle attack and resetting TLS connections between the affected device and other devices. A successful exploit could allow the attacker to exhaust the available memory on an affected device, resulting in an unexpected reload and a denial of service (DoS) condition. |
IOS XE
|
| CVE-2026-20125 | Mar 25, 2026 |
Cisco IOS/IOS XE HTTP Server DoS via malformed requestsA vulnerability in the HTTP Server feature of Cisco IOS Software and Cisco IOS XE Software Release 3E could allow an authenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending malformed HTTP requests to an affected device. A successful exploit could allow the attacker to cause a watchdog timer to expire and the device to reload, resulting in a DoS condition. To exploit this vulnerability, the attacker must have a valid user account. |
Internetwork Operating System (IOS)
IOS XE
|
| CVE-2026-20012 | Mar 25, 2026 |
Cisco IOS/ASA IKEv2 Packet Parsing Memory Leak DoSA vulnerability in the Internet Key Exchange version 2 (IKEv2) feature of Cisco IOS Software, Cisco IOS XE Software, Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a memory leak, resulting in a denial of service (DoS) condition on an affected device. This vulnerability is due to improper parsing of IKEv2 packets. An attacker could exploit this vulnerability by sending crafted IKEv2 packets to an affected device. A successful exploit of Cisco IOS Software and IOS XE Software could allow the attacker to cause the affected device to reload, resulting in a DoS condition. A successful exploit of Cisco Secure Firewall ASA Software and Secure FTD Software could allow the attacker to partially exhaust system memory, resulting in system instability, such as the inability to establish new IKEv2 VPN sessions. A manual reboot of the device is required to recover from this condition. |
Internetwork Operating System (IOS)
Adaptive Security Appliance
IOS XE
And others... |
| CVE-2026-20086 | Mar 25, 2026 |
Cisco IOS XE Wireless CNTRL DoS via malformed CAPWAPA vulnerability in the processing of Control and Provisioning of Wireless Access Points (CAPWAP) packets of Cisco IOS XE Wireless Controller Software for the Catalyst CW9800 Family could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of a malformed CAPWAP packet. An attacker could exploit this vulnerability by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload unexpectedly, resulting in a DoS condition. |
IOS XE
|
| CVE-2026-20084 | Mar 25, 2026 |
Cisco IOS XE DoS via BOOTP VLAN LeakageA vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause BOOTP packets to be forwarded between VLANs, resulting in a denial of service (DoS) condition. This vulnerability is due to improper handling of BOOTP packets on Cisco Catalyst 9000 Series Switches. An attacker could exploit this vulnerability by sending BOOTP request packets to an affected device. A successful exploit could allow an attacker to forward BOOTP packets from one VLAN to another, resulting in BOOTP VLAN leakage and potentially leading to high CPU utilization. This makes the device unreachable (either through console or remote management) and unable to forward traffic, resulting in a DoS condition. Note: This vulnerability can be exploited with either unicast or broadcast BOOTP packets. There are workarounds that address this vulnerability. |
IOS XE
|
| CVE-2026-20118 | Mar 11, 2026 |
Cisco NCS 5500/5700 NPU DoS via EPNI Aligner IntA vulnerability in the handling of an Egress Packet Network Interface (EPNI) Aligner interrupt in Cisco IOS XR Software for Cisco Network Convergence System (NCS) 5500 Series with NC57 line cards and Cisco NCS 5700 Routers and Cisco IOS XR Software for Third Party Software could allow an unauthenticated, remote attacker to cause the network processing unit (NPU) and ASIC to stop processing, preventing traffic from traversing the interface. This vulnerability is due to the corruption of packets in specific cases when an EPNI Aligner interrupt is triggered while an affected device is experiencing heavy transit traffic. An attacker could exploit this vulnerability by sending a continuous flow of crafted packets to an interface of the affected device. A successful exploit could allow the attacker to cause persistent, heavy packet loss, resulting in a denial of service (DoS) condition. Note: If active exploitation of this vulnerability is suspected, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider. Cisco has assigned this security advisory a Security Impact Rating (SIR) of High rather than Medium as the score indicates. This change was made because the affected device operates within a critical network segment where compromise could lead to significant disruption or exposure, thereby elevating the overall risk beyond the base technical severity. |
Internetwork Operating System (IOS)
|
| CVE-2026-20117 | Mar 11, 2026 |
CVE-2026-20117: Unauth XSS in Cisco CCX Web UIA vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability exists because the web-based management interface of an affected system does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. |
Unified Contact Center Express
|
| CVE-2026-20116 | Mar 11, 2026 |
Cisco Finesse UI XSS in WebUI Allows Remote Attacker ExecA vulnerability in the web-based management interface of Cisco Finesse, Cisco Packaged Contact Center Enterprise (Packaged CCE), Cisco Unified Contact Center Enterprise (Unified CCE), Cisco Unified Contact Center Express (Unified CCX), and Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability exists because the web-based management interface of an affected system does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. |
Unified Contact Center Express
|
| CVE-2026-20046 | Mar 11, 2026 |
Privilege Escalation via CLI Task Group Misassignment in Cisco IOS XRA vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to elevate privileges and gain full administrative control of an affected device. This vulnerability is due to incorrect mapping of a command to task groups within the source code. An attacker with a low-privileged account could exploit this vulnerability by using the CLI command to bypass the task group–based checks. A successful exploit could allow the attacker to elevate privileges and perform actions on an affected device without authorization checks. |
Internetwork Operating System (IOS)
|
| CVE-2026-20074 | Mar 11, 2026 |
Cisco IOS XR IS-IS Process Crash via Malformed PacketsA vulnerability in the Intermediate System-to-Intermediate System (IS-IS) multi-instance routing feature of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the IS-IS process to restart unexpectedly. This vulnerability is due to insufficient input validation of ingress IS-IS packets. An attacker could exploit this vulnerability by sending crafted IS-IS packets to an affected device after forming an adjacency. A successful exploit could allow the attacker to cause the IS-IS process to restart unexpectedly, resulting in a temporary loss of connectivity to advertised networks and a denial of service (DoS) condition. Note: The IS-IS protocol is a routing protocol. To exploit this vulnerability, an attacker must be Layer 2-adjacent to the affected device and must have formed an adjacency. |
Internetwork Operating System (IOS)
|
| CVE-2026-20040 | Mar 11, 2026 |
Cisco IOS XR CLI Local Authenticated Privilege Escalation via Argument ValidationA vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands. An attacker with a low-privileged account could exploit this vulnerability by using crafted commands at the prompt. A successful exploit could allow the attacker to elevate privileges to root and execute arbitrary commands on the underlying operating system. |
Internetwork Operating System (IOS)
|
| CVE-2026-20064 | Mar 04, 2026 |
Cisco FTD CLI DoS via Improper Input ValidationA vulnerability in of Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to cause the device to unexpectedly reload, causing a denial of service (DoS) condition. This vulnerability is due to improper validation of user-supplied input. An attacker with a low-privileged account could exploit this vulnerability by using crafted commands at the CLI prompt. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. |
|
| CVE-2026-20025 | Mar 04, 2026 |
OSPF LSU Heap Corruption DoS in Cisco Secure Firewall ASA/FTDA vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an authenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition. To exploit this vulnerability, the attacker must have the OSPF secret key. This vulnerability is due to insufficient input validation when processing OSPF link-state update (LSU) packets. An attacker could exploit this vulnerability by sending crafted OSPF LSU packets. A successful exploit could allow the attacker to corrupt the heap, causing the device to reload, resulting in a DoS condition. |
Adaptive Security Appliance
|
| CVE-2026-20024 | Mar 04, 2026 |
Cisco Secure Firewall ASA/FTD OSPF DoS via Auth AttackA vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an authenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition. To exploit this vulnerability, the attacker must have the OSPF secret key. This vulnerability is due to heap corruption in OSPF when parsing packets. An attacker could exploit this vulnerability by sending crafted packets to the OSPF service. A successful exploit could allow the attacker to corrupt the heap, causing the affected device to reload, resulting in a DoS condition. |
Adaptive Security Appliance
|
| CVE-2026-20023 | Mar 04, 2026 |
Cisco ASA/FTD OSPF Memory Corruption Causing DoSA vulnerability in the OSPF protocol of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, adjacent attacker to corrupt memory on an affected device, resulting in a denial of service (DoS) condition. This vulnerability is due to memory corruption when parsing OSPF protocol packets. An attacker could exploit this vulnerability by sending crafted OSPF packets to an affected device. A successful exploit could allow the attacker to cause memory corruption causing the affected device to reboot, resulting in a DoS condition. |
Adaptive Security Appliance
|
| CVE-2026-20022 | Mar 04, 2026 |
DoS via OSPF LSU Overflow in Cisco Secure Firewall ASA/FTDA vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition when OSPF canonicalization debug is enabled by using the command debug ip ospf canon. This vulnerability is due to insufficient input validation when processing OSPF LSU packets. An attacker could exploit this vulnerability by sending crafted unauthenticated OSPF packets. A successful exploit could allow the attacker to write to memory outside of the packet data, causing the device to reload, resulting in a DoS condition. |
Adaptive Security Appliance
|
| CVE-2026-20021 | Mar 04, 2026 |
OSPF Authenticated Adjacent DoS via Memory Exhaustion in Cisco ASA/FTDA vulnerability in the OSPF protocol of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, adjacent attacker to exhaust memory on an affected device, resulting in a denial of service (DoS) condition. This vulnerability is due to improperly validating input by the OSPF protocol when parsing packets. An attacker could exploit this vulnerability by by sending crafted OSPF packets to an affected device. A successful exploit could allow the attacker to exhaust memory on the affected device, resulting in a DoS condition. |
Adaptive Security Appliance
|
| CVE-2026-20020 | Mar 04, 2026 |
Cisco Secure Firewall ASA/FTD OSPF DoS via Buffer OverflowA vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition. If OSPF authentication is enabled, the attacker must know the secret key to exploit this vulnerability. This vulnerability is due to insufficient input validation when processing OSPF update packets. An attacker could exploit this vulnerability by sending crafted OSPF update packets. A successful exploit could allow the attacker to create a buffer overflow, causing the affected device to reload, resulting in a DoS condition. |
Adaptive Security Appliance
|
| CVE-2026-20016 | Mar 04, 2026 |
Cisco FXOS CLI Auth Local RCE (root)A vulnerability in the Cisco FXOS Software CLI feature for Cisco Secure Firewall ASA Software and Secure FTD Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with root-level privileges. To exploit this vulnerability, the attacker must have valid administrative credentials on an affected device. This vulnerability is due to insufficient input validation of user-supplied command arguments. An attacker could exploit this vulnerability by submitting crafted input for specific CLI commands. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges. |
|
| CVE-2026-20073 | Mar 04, 2026 |
Cisco ASA/FTD: Cluster Replication RMEM Bypass (CVE-2026-20073)A vulnerability in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to send traffic that should be denied through an affected device. This vulnerability is due to improper error handling when an affected device that is joining a cluster runs out of memory while replicating access control rules. An attacker could exploit this vulnerability by sending traffic that should be blocked through the device. A successful exploit could allow the attacker to bypass access controls and reach devices in protected networks. |
Adaptive Security Appliance
|
| CVE-2026-20102 | Mar 04, 2026 |
Cisco Secure Firewall ASA/FTD XSS via Unvalidated SAML 2.0 SSOA vulnerability in the SAML 2.0 single sign-on (SSO) feature of Cisco Secure Firewall ASA Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the SAML feature and access sensitive, browser-based information. This vulnerability is due to insufficient input validation of multiple HTTP parameters. An attacker could exploit this vulnerability by persuading a user to access a malicious link. A successful exploit could allow the attacker to conduct a reflected XSS attack through an affected device. |
Adaptive Security Appliance
|
| CVE-2026-20070 | Mar 04, 2026 |
VPN Web Services XSS in Cisco Secure Firewall ASA/FTDA vulnerability in the VPN web services component of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a browser that is accessing an affected device. This vulnerability is due to improper validation of user-supplied input in HTTP requests. An attacker could exploit this vulnerability by persuading a user to follow a link to a malicious website that is designed to submit malicious input to the affected application. A successful exploit could allow the attacker to execute arbitrary HTML or script code in the browser in the context of the VPN web server. |
Adaptive Security Appliance
|
| CVE-2026-20069 | Mar 04, 2026 |
VPN Webservices XSS in Cisco Secure Firewall ASA/FTD Remote AttackA vulnerability in the VPN web services component of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct browser-based attacks against users of an affected device. This vulnerability is due to improper validation of HTTP requests. An attacker could exploit this vulnerability by persuading a user to visit a website that is designed to pass malicious HTTP requests to a device that is running Cisco Secure Firewall ASA Software or Cisco Secure FTD Software and has web services endpoints supporting VPN features enabled. A successful exploit could allow the attacker to reflect malicious input from the affected device to the browser that is in use and conduct browser-based attacks, including cross-site scripting (XSS) attacks. The attacker is not able to directly impact the affected device. |
Adaptive Security Appliance
|
| CVE-2026-20068 | Mar 04, 2026 |
Cisco Snort 3 D.E. DoS via Malformed RPC ParsingMultiple Cisco products are affected by a vulnerability in the Snort 3 detection engine that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart, resulting in an interruption of packet inspection. This vulnerability is due to incomplete error checking when parsing remote procedure call (RPC) data. An attacker could exploit this vulnerability by sending crafted RPC packets through an established connection to be parsed by Snort 3. A successful exploit could allow the attacker to cause a DoS condition when the Snort 3 Detection Engine unexpectedly restarts. |
Cyber Vision
|
| CVE-2026-20067 | Mar 04, 2026 |
Cisco Snort 3 DoS via MDNS HTTP Header ParsingMultiple Cisco products are affected by a vulnerability in the Snort 3 detection engine that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart, resulting in an interruption of packet inspection. This vulnerability is due to incomplete error checking when parsing the Multicast DNS fields of the HTTP header. An attacker could exploit this vulnerability by sending crafted HTTP packets through an established connection to be parsed by Snort 3. A successful exploit could allow the attacker to cause a DoS condition when the Snort 3 Detection Engine unexpectedly restarts. |
Cyber Vision
|
| CVE-2026-20066 | Mar 04, 2026 |
DoS via JSTokenizer Exploit in Cisco Snort 3 Detection EngineMultiple Cisco products are affected by a vulnerability in the Snort 3 Detection Engine that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart, resulting in an interruption of packet inspection. This vulnerability is due to an error in the JSTokenizer normalization logic when the HTTP inspection normalizes JavaScript. An attacker could exploit this vulnerability by sending crafted HTTP packets through an established connection that is parsed by Snort 3. A successful exploit could allow the attacker to cause a DoS condition when the Snort 3 Detection Engine restarts unexpectedly. JSTokenizer is not enabled by default. |
|
| CVE-2026-20065 | Mar 04, 2026 |
DoS via Snort3 Engine Restart in Cisco DevicesMultiple Cisco products are affected by a vulnerability in the Snort 3 Detection Engine that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart, resulting in an interruption of packet inspection. This vulnerability is due to an error in the binder module initialization logic of the Snort Detection Engine. An attacker could exploit this vulnerability by sending certain packets through an established connection that is parsed by Snort 3. A successful exploit could allow the attacker to cause a DoS condition when the Snort 3 Detection Engine restarts unexpectedly. |
|
| CVE-2026-20063 | Mar 04, 2026 |
Cisco Secure FTD CLI: Local Privilege Escalation via Command InjectionA vulnerability in the CLI of Cisco Secure FTD Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as root. To exploit this vulnerability, the attacker must have valid administrative credentials on an affected device. This vulnerability is due to insufficient input validation of user-supplied command arguments. An attacker could exploit this vulnerability by submitting crafted input for a specific CLI command. A successful exploit could allow the attacker to execute commands on the underlying operating system as root. |
|
| CVE-2026-20058 | Mar 04, 2026 |
Cisco Snort 3 Detection Engine: VBA Decompression DoS via Improper Error CheckingMultiple Cisco products are affected by vulnerabilities in the Snort 3 VBA feature that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to crash. These vulnerabilities are due to improper error checking when decompressing VBA data. An attacker could exploit these vulnerabilities by sending crafted VBA data to the Snort 3 Detection Engine on the targeted device. A successful exploit could allow the attacker to cause the Snort 3 Detection Engine to unexpectedly restart, causing a DoS condition. |
|
| CVE-2026-20057 | Mar 04, 2026 |
Snort 3 VBA Decompression DoS (CVE-2026-20057)Multiple Cisco products are affected by a vulnerability in the Snort 3 Visual Basic for Applications (VBA) feature which could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to crash. This vulnerability is due to lack of proper error checking when decompressing VBA data. An attacker could exploit this vulnerability by sending a crafted VBA data to the Snort 3 Detection Engine on the targeted device. A successful exploit could allow the attacker to cause the Snort 3 Detection Engine to unexpectedly restart causing a a denial of service (DoS) condition. |
Cyber Vision
|
| CVE-2026-20054 | Mar 04, 2026 |
Cisco Snort 3 VBA Crash DoS via Unauth Remote AttackerMultiple Cisco products are affected by a vulnerability in the Snort 3 VBA feature that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to crash. This vulnerability is due to improper error checking when decompressing VBA data. An attacker could exploit this vulnerability by sending crafted VBA data to the Snort 3 Detection Engine on the targeted device. A successful exploit could allow the attacker to cause the Snort 3 Detection Engine to enter an infinite loop, causing a DoS condition. |
Cyber Vision
|
| CVE-2026-20053 | Mar 04, 2026 |
Cisco Snort 3 DoS via Improper VBA Decompress Range CheckingMultiple Cisco products are affected by a vulnerability in the Snort 3 VBA feature that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to crash. This vulnerability is due to improper range checking when decompressing VBA data, which is user controlled. An attacker could exploit this vulnerability by sending crafted VBA data to the Snort 3 Detection Engine on the targeted device. A successful exploit could allow the attacker to cause an overflow of heap data, which could cause a DoS condition. |
Cyber Vision
|
| CVE-2026-20052 | Mar 04, 2026 |
CVE-2026-20052: Remote DoS via Memory Leak in Cisco Secure Firewall Snort 3 EngineA vulnerability in the memory management handling for the Snort 3 Detection Engine of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart. This vulnerability is due to a logic error in memory management when a device is performing Snort 3 SSL packet inspection. An attacker could exploit this vulnerability by sending crafted SSL packets through an established connection to be parsed by the Snort 3 Detection Engine. A successful exploit could allow the attacker to cause a denial of service (DoS) condition when the Snort 3 Detection Engine unexpectedly restarts. |
|
| CVE-2026-20050 | Mar 04, 2026 |
Cisco FTD SSL Decrypt Do Not Decrypt DoS via TLS1.2A vulnerability in the Do Not Decrypt exclusion feature of the SSL decryption feature of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper memory management during the inspection of TLS 1.2 encrypted traffic. An attacker could exploit this vulnerability by sending crafted TLS 1.2 encrypted traffic through an affected device. A successful exploit could allow the attacker to cause a reload of an affected device. Note: This vulnerability only affects traffic that is encrypted by TLS 1.2. Other versions of TLS are not affected. |
|
| CVE-2026-20017 | Mar 04, 2026 |
Local Auth Cmd Injection in Cisco Secure FTD CLI Root ExecA vulnerability in the CLI of Cisco Secure FTD Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as root. To exploit this vulnerability, the attacker must have valid administrative credentials on an affected device. This vulnerability is due to insufficient input validation of user-supplied command arguments. An attacker could exploit this vulnerability by submitting crafted input for a specific CLI command. A successful exploit could allow the attacker to execute commands on the underlying operating system as root. |
|
| CVE-2026-20018 | Mar 04, 2026 |
Cisco Secure Firewall FMC/FTD sftunnel Path Traversal: Auth File WriteA vulnerability in the sftunnel functionality of Cisco Secure Firewall Management Center (FMC) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker with administrative privileges to write arbitrary files as root on the underlying operating system. This vulnerability is due to insufficient validation of the directory path during file synchronization. An attacker could exploit this vulnerability by crafting a directory path outside of the expected file location. A successful exploit could allow the attacker to create or replace any file on the underlying operating system. |
Secure Firewall Management Center
|
| CVE-2026-20006 | Mar 04, 2026 |
DoS via TLS crash in Snort3 Engine of Cisco Secure FTDA vulnerability in the TLS cryptography functionality of the Snort 3 Detection Engine of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to unexpectedly restart, resulting in a denial of service (DoS) condition. This vulnerability is due to improper implementation of the TLS protocol. An attacker could exploit this vulnerability by sending a crafted TLS packet to an affected system. A successful exploit could allow the attacker to cause a device that is running Cisco Secure FTD Software to drop network traffic, resulting in a DoS condition. Note: TLS 1.3 is not affected by this vulnerability. |
|
| CVE-2026-20007 | Mar 04, 2026 |
Cisco Secure FTD: Snort Rule Bypass via Deep Packet Logic ErrorA vulnerability in the Snort 2 and Snort 3 deep packet inspection of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured Snort rules and allow traffic onto the network that should have been dropped. This vulnerability is due to a logic error in the integration of the Snort Engine rules with Cisco Secure FTD Software that could allow different Snort rules to be hit when deep inspection of the packet is performed for the inner and outer connections. An attacker could exploit this vulnerability by sending crafted traffic to a targeted device that would hit configured Snort rules. A successful exploit could allow the attacker to send traffic to a network where it should have been denied. |
|
| CVE-2026-20149 | Mar 04, 2026 |
XSS in Cisco Webex from improper input filteringA vulnerability in Cisco Webex could have allowed an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Cisco has addressed this vulnerability, and no customer action is needed. This vulnerability was due to improper filtering of user-supplied input. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by persuading a user to follow a malicious link. A successful exploit could have allowed the attacker to conduct an XSS attack against the targeted user. |
Webex Meetings
|
| CVE-2026-20082 | Mar 04, 2026 |
Cisco ASA TCP SYN Flood DoS via Mismanaged Connection LimitsA vulnerability in the handling of the embryonic connection limits in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause incoming TCP SYN packets to be dropped incorrectly. This vulnerability is due to improper handling of new, incoming TCP connections that are destined to management or data interfaces when the device is under a TCP SYN flood attack. An attacker could exploit this vulnerability by sending a crafted stream of traffic to an affected device. A successful exploit could allow the attacker to prevent all incoming TCP connections to the device from being established, including remote management access, Remote Access VPN (RAVPN) connections, and all network protocols that are TCP-based. This results in a denial of service (DoS) condition for affected features. |
Adaptive Security Appliance
|
| CVE-2026-20062 | Mar 04, 2026 |
Auth Bypass CLI ASA SCP Context File CopyA vulnerability in the CLI of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software in multiple context mode could allow an authenticated, local attacker with administrative privileges in one context to copy files to or from another context, including configuration files. This vulnerability is due to improper access controls for Secure Copy Protocol (SCP) operations when the CiscoSSH stack is enabled. An attacker could exploit this vulnerability by authenticating to a non-admin context of the device and issuing crafted SCP copy commands in that non-admin context. A successful exploit could allow the attacker to read, create, or overwrite sensitive files that belong to another context, including the admin and system contexts. The attacker cannot directly impact the availability of services pertaining to other contexts. To exploit this vulnerability, the attacker must have valid administrative credentials for a non-admin context. Note: An attacker cannot list or enumerate files from another context and would need to know the exact file path, which increases the complexity of a successful attack. |
Adaptive Security Appliance
|
| CVE-2026-20049 | Mar 04, 2026 |
Cisco ASA/FTD GCM-IKEv2 Memory Overrun Causing DoSA vulnerability in the processing of Galois/Counter Mode (GCM)-encrypted Internet Key Exchange version 2 (IKEv2) IPsec traffic of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to the allocation of an insufficiently sized block of memory. An attacker could exploit this vulnerability by sending crafted GCM-encrypted IPsec traffic to an affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition. To exploit this vulnerability, the attacker must have valid credentials to establish a VPN connection with the affected device. |
Adaptive Security Appliance
|