Remote Information Disclosure Vulnerability in Cisco Meraki
CVE-2026-20115

6.1 MEDIUM

Key Information:

Vendor: Cisco

CVE Published: 25 March 2026

Badges

👾 Exploit Exists

What is CVE-2026-20115?

A vulnerability in Cisco IOS XE Software for Cisco Meraki exposes sensitive device configuration information to remote, unauthenticated attackers. The cause is that device configuration uploads are made over an insecure tunnel. An attacker who conducts an on-path attack between the affected device and the Cisco Meraki Dashboard can access confidential device details. Protecting your devices from this vulnerability requires immediate attention to securing communication channels.

Affected Version(s)

Cisco IOS XE Software 17.14.1

Cisco IOS XE Software 17.14.1a

Cisco IOS XE Software 17.15.1

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved