#VU124594 CRLF injection in Cisco IOS XE - CVE-2026-20113

Published: March 25, 2026


Vulnerability identifier: #VU124594
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-20113
CWE-ID: CWE-93
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Cisco IOS XE
Software vendor:
Cisco Systems, Inc

Description

The vulnerability allows a remote attacker to inject arbitrary log entries, manipulate the structure of log files, or obscure legitimate log events.

The vulnerability exists due to improper input validation in the web-based Cisco IOx application hosting environment management interface when handling user-supplied input. A remote attacker can send a specially crafted request to inject CRLF sequences and manipulate log entries.

The Cisco IOx application hosting environment must be configured on the device for the vulnerability to be exploitable. The feature is not enabled by default.
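As an added example (not Cisco's code and not the IOx interface itself), the CWE-93 pattern the advisory describes, shown in a web handler that writes a request field to its log, beside a writer that neutralizes the field first; the request value and timestamp are constructed.

```python
import re

# Constructed sample value for a web-form field (e.g. a username): the embedded
# "\r\n" carries a second, forged record that would look like a real event.
CONSTRUCTED_INPUT = "alice\r\n2026-03-25T10:00:00Z INFO login ok user=admin"
TS = "2026-03-25T10:00:00Z"  # constructed timestamp


def log_line_unsafe(ts, user):
    """Vulnerable pattern (CWE-93): the request field is written verbatim,
    so a CR/LF inside it terminates the record and starts a forged one."""
    return f"{ts} INFO login attempt user={user}\n"


# Any C0 control character (CR, LF, NUL, ESC, ...) or DEL.
_CTRL = re.compile(r"[\x00-\x1f\x7f]")


def neutralize(value):
    """Escape control characters so one field can never end the record or
    begin a new one; the original bytes stay recoverable for an analyst."""
    return _CTRL.sub(lambda m: "\\x%02x" % ord(m.group()), value)


def log_line_safe(ts, user):
    """Hardened pattern: the same record, with the field neutralized."""
    return f"{ts} INFO login attempt user={neutralize(user)}\n"


def count_records(log_text):
    """Number of non-empty records. splitlines() treats a bare CR as a line
    break as well, which is how many log viewers render it."""
    return sum(1 for line in log_text.splitlines() if line)


if __name__ == "__main__":
    # The unsafe writer yields two records from one request; the safe one yields one.
    print(log_line_unsafe(TS, CONSTRUCTED_INPUT), end="")
    print(log_line_safe(TS, CONSTRUCTED_INPUT), end="")
```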


Remediation

Install the security update from the vendor's website.

External links