CRLF injection in Cisco IOS XE - CVE-2026-20113

 

CRLF injection in Cisco IOS XE - CVE-2026-20113

Published: March 25, 2026


Vulnerability identifier: #VU124594
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-20113
CWE-ID: CWE-93
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco IOS XE

Detailed vulnerability description

The vulnerability allows a remote attacker to inject arbitrary log entries, manipulate the structure of log files, or obscure legitimate log events.

The vulnerability exists due to improper input validation in the web-based Cisco IOx application hosting environment management interface when handling user-supplied input. A remote attacker can send a specially crafted request to inject CRLF sequences and manipulate log entries.

The Cisco IOx application hosting environment must be configured on the device for the vulnerability to be exploitable. The feature is not enabled by default.


How to mitigate CVE-2026-20113

Install security update from vendor's website.

Sources