CVE-2026-20012
Published: 25 March 2026
Summary
CVE-2026-20012 is a high-severity Missing Release of Memory after Effective Lifetime (CWE-401) vulnerability. Its CVSS base score is 8.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 33.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SC-6 (Resource Availability).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly remediates the specific flaw in IKEv2 packet parsing causing memory leaks and DoS by requiring timely installation of vendor patches.
Protects against DoS from crafted IKEv2 packets by monitoring traffic patterns and limiting resources to prevent service disruption.
Ensures resource availability by monitoring and restricting memory usage to mitigate exhaustion from repeated exploitation of the IKEv2 memory leak.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability allows unauthenticated remote attackers to send crafted IKEv2 packets causing memory leaks, device reloads, or resource exhaustion, directly enabling endpoint DoS via application/system exploitation.
NVD Description
A vulnerability in the Internet Key Exchange version 2 (IKEv2) feature of Cisco IOS Software, Cisco IOS XE Software, Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote…
more
attacker to trigger a memory leak, resulting in a denial of service (DoS) condition on an affected device. This vulnerability is due to improper parsing of IKEv2 packets. An attacker could exploit this vulnerability by sending crafted IKEv2 packets to an affected device. A successful exploit of Cisco IOS Software and IOS XE Software could allow the attacker to cause the affected device to reload, resulting in a DoS condition. A successful exploit of Cisco Secure Firewall ASA Software and Secure FTD Software could allow the attacker to partially exhaust system memory, resulting in system instability, such as the inability to establish new IKEv2 VPN sessions. A manual reboot of the device is required to recover from this condition.
Deeper analysisAI
CVE-2026-20012 is a vulnerability in the Internet Key Exchange version 2 (IKEv2) feature affecting Cisco IOS Software, Cisco IOS XE Software, Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, and Cisco Secure Firewall Threat Defense (FTD) Software. The issue stems from improper parsing of IKEv2 packets, which could allow an unauthenticated, remote attacker to trigger a memory leak and cause a denial-of-service (DoS) condition. It has a CVSS v3.1 base score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H) and is associated with CWE-401 (Memory Leak).
An attacker can exploit this vulnerability by sending crafted IKEv2 packets to an affected device. For Cisco IOS Software and IOS XE Software, a successful exploit causes the device to reload, resulting in a DoS condition. For Cisco Secure Firewall ASA Software and FTD Software, it leads to partial exhaustion of system memory, causing instability such as the inability to establish new IKEv2 VPN sessions. Recovery requires a manual reboot of the device.
The Cisco Security Advisory provides details on mitigation and available patches: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-ios-dos-kPEpQGGK.
Details
- CWE(s)