Memory Exhaustion Vulnerability in Cisco IOS XE Software TLS Library
CVE-2026-20004
7.4 HIGH
What is CVE-2026-20004?
A vulnerability in the TLS library of Cisco IOS XE Software allows an attacker to cause a denial of service (DoS) by exploiting improper memory management during TLS connection setup. By repeatedly triggering the condition, for example through EAP authentication or man-in-the-middle tactics, an attacker can exhaust the device's memory, potentially forcing it into an unexpected reload. Successful exploitation could critically impact the performance and reliability of network services.
Affected Version(s)
Cisco IOS XE Software 16.9.1
Cisco IOS XE Software 16.9.2
Cisco IOS XE Software 16.9.1a