SB20260325182 - Two vulnerabilities in Cisco IOx Application Hosting Environment on Cisco IOS XE
Published: March 25, 2026
Description
This security bulletin contains information about 2 security vulnerabilities.
1) CRLF injection (CVE-ID: CVE-2026-20113)
The vulnerability allows a remote attacker to inject arbitrary log entries, manipulate the structure of log files, or obscure legitimate log events.
The vulnerability exists due to improper input validation in the web-based Cisco IOx application hosting environment management interface when handling user-supplied input. A remote attacker can send a specially crafted request to inject CRLF sequences and manipulate log entries.
The Cisco IOx application hosting environment must be configured on the device for the vulnerability to be exploitable. The feature is not enabled by default.
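The CRLF issue described above comes down to user-supplied text being written into a log file without its line terminators being neutralised, so one request can produce extra, attacker-chosen records. The following added example (written for this bulletin, not code from Cisco or from the IOx product) shows the effect in a generic line-oriented log and the write-time escaping that prevents it. The timestamp, log format, field names and the tainted input are all constructed for illustration.

```python
import re

# Control characters that must never reach a log file verbatim:
# CR, LF, the rest of the C0 range, and DEL.
_CONTROL_RE = re.compile(r"[\x00-\x1f\x7f]")

# Constructed log record layout: "<timestamp> <LEVEL> <message>".
RECORD_RE = re.compile(r"^(\S+) (DEBUG|INFO|WARN|ERROR) (.*)$")

# Constructed sample: a value submitted through a web form (here an
# application name) carrying an embedded CRLF followed by a forged record.
TAINTED_INPUT = "demo-app\r\n2026-03-25T00:00:00Z INFO admin login from 10.0.0.1"
TS = "2026-03-25T18:21:00Z"  # fixed timestamp so the output is reproducible


def sanitize_log_field(value: str) -> str:
    """Escape control characters so user input occupies exactly one record."""
    return _CONTROL_RE.sub(lambda m: "\\x%02x" % ord(m.group()), value)


def format_record(timestamp: str, level: str, message: str, sanitize: bool) -> str:
    """Build one log record; `sanitize=True` selects the hardened path."""
    if sanitize:
        message = sanitize_log_field(message)
    return f"{timestamp} {level} {message}\n"


def parse_log(text: str) -> list[tuple[str, str, str]]:
    """Split log text the way a line-oriented log viewer or SIEM would."""
    records = []
    for line in text.splitlines():
        m = RECORD_RE.match(line)
        if m:
            records.append(m.groups())
    return records


def find_escaped_control_chars(text: str) -> list[str]:
    """Return records whose message carries escaped CR/LF, i.e. an attempt
    at injection that the sanitizer neutralised but preserved as evidence."""
    return [msg for _, _, msg in parse_log(text) if "\\x0d" in msg or "\\x0a" in msg]


if __name__ == "__main__":
    naive = format_record(TS, "WARN", "app upload name=" + TAINTED_INPUT, sanitize=False)
    hardened = format_record(TS, "WARN", "app upload name=" + TAINTED_INPUT, sanitize=True)
    print("naive write yields", len(parse_log(naive)), "records")        # 2
    print("sanitized write yields", len(parse_log(hardened)), "records")  # 1
    print("flagged:", find_escaped_control_chars(hardened))
```

Once a forged record has been written through the naive path it is indistinguishable from a genuine one, which is why the fix has to happen at write time; escaping rather than stripping also keeps the attempt visible to a reviewer.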
2) Stored cross-site scripting (CVE-ID: CVE-2026-20112)
The vulnerability allows a remote user to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
The vulnerability exists due to improper input validation in the web-based Cisco IOx application hosting environment management interface when processing user-supplied input. A remote user can inject malicious code into specific pages of the interface to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
To exploit this vulnerability, the attacker must have valid administrative credentials and user interaction is required.
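The stored XSS issue above is the familiar pattern of a value saved by one administrator being rendered, unencoded, into a page viewed by another. The following added example (written for this bulletin, not code from Cisco or from the IOx product) contrasts an unencoded render with context-aware output encoding, adds a simple check for markup in stored fields, and shows the response headers that limit the impact of any encoding miss. The stored value, the HTML fragments and the header values are constructed for illustration.

```python
import html
import re

# Constructed stored value: an application description saved by one
# administrator and later rendered into another administrator's browser.
STORED_DESCRIPTION = 'monitoring agent <script>document.title="pwned"</script>'

# Crude detector for angle-bracket markup in a field that should be plain text.
_TAG_RE = re.compile(r"<\s*/?\s*[A-Za-z][^>]*>")


def render_unsafe(description: str) -> str:
    """Vulnerable pattern: stored text is interpolated straight into HTML."""
    return f"<td>{description}</td>"


def render_text_safe(description: str) -> str:
    """Hardened pattern for an HTML text node: entity-encode <, >, &, quotes."""
    return f"<td>{html.escape(description, quote=True)}</td>"


def render_attr_safe(description: str) -> str:
    """Hardened pattern for an attribute value: quote=True is required here,
    otherwise a stored double quote could close the attribute early."""
    return f'<input type="text" value="{html.escape(description, quote=True)}">'


def contains_markup(value: str) -> bool:
    """Flag stored values that contain tags; useful as an audit over existing data."""
    return bool(_TAG_RE.search(value))


def security_headers() -> dict[str, str]:
    """Defence-in-depth headers: no inline script execution, no MIME sniffing."""
    return {
        "Content-Security-Policy": "default-src 'self'; script-src 'self'; "
                                   "object-src 'none'; base-uri 'none'",
        "X-Content-Type-Options": "nosniff",
    }


if __name__ == "__main__":
    print(render_unsafe(STORED_DESCRIPTION))      # script tag reaches the browser intact
    print(render_text_safe(STORED_DESCRIPTION))   # &lt;script&gt;... rendered as text
    print(render_attr_safe(STORED_DESCRIPTION))
    print("stored field contains markup:", contains_markup(STORED_DESCRIPTION))
    print(security_headers())
```

Encoding must match the output context (text node, attribute, URL, JavaScript string); the two render functions above cover the first two, and a template engine with auto-escaping enabled does the same job consistently. The `contains_markup` check is an audit aid for data already stored, not a substitute for output encoding.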
Remediation
Install the update from the vendor's website.
References
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-crlf-NvgKTKJZ
- https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwq69499
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-xss-LpGkzwtJ
- https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwq69484