Routing Protocol Vulnerability in Cisco IOS XR Software
CVE-2026-20074

7.4HIGH

Key Information:

Vendor: Cisco
Status: Cisco iOS Xr Software
Vendor: CVE Published:; 11 March 2026

Badges

👾 Exploit Exists

What is CVE-2026-20074?

An input validation vulnerability exists in the Intermediate System-to-Intermediate System (IS-IS) multi-instance routing feature of Cisco IOS XR Software, which could allow an unauthenticated adjacent attacker to disrupt the IS-IS process. This disruption occurs when the attacker sends specially crafted IS-IS packets to a device after establishing adjacency. Successful exploitation may result in an unexpected restart of the IS-IS process, leading to a temporary loss of connectivity to advertised networks and potentially causing a denial of service.

Affected Version(s)

Cisco IOS XR Software 7.8.1

Cisco IOS XR Software 7.9.1

Cisco IOS XR Software 7.10.1

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Mar 11, 2026
Vulnerability published
Mar 11, 2026
Vulnerability Reserved
Oct 8, 2025

CVE-2026-20074 Data

JSON