Cyber Resilience

CVE-2026-20074

High

Published: 11 March 2026

Published
11 March 2026
Modified
12 March 2026
KEV Added
Patch
CVSS Score v3.1 7.4 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
EPSS Score 0.0005 15.9th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-20074 is a high-severity Improper Validation of Specified Type of Input (CWE-1287) vulnerability in Cisco IOS XR (inferred from references). Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 15.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2026-20074 is a vulnerability in the Intermediate System-to-Intermediate System (IS-IS) multi-instance routing feature of Cisco IOS XR Software. It stems from insufficient input validation of ingress IS-IS packets, which could allow an unauthenticated, adjacent attacker to cause the IS-IS process to restart unexpectedly. The vulnerability affects devices running this software where the IS-IS protocol is enabled, and it has a CVSS v3.1 base score of 7.4 (AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H), associated with CWE-1287.

An attacker must be Layer 2-adjacent to the affected device and form an IS-IS adjacency before exploiting the issue by sending crafted IS-IS packets. A successful exploit would restart the IS-IS process, leading to a temporary loss of connectivity to advertised networks and resulting in a denial-of-service (DoS) condition on the device.

Cisco has published a security advisory detailing the vulnerability, affected releases, and mitigation options, available at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-isis-dos-kDMxpSzK.

EU & UK References

Vulnerability details

A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) multi-instance routing feature of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the IS-IS process to restart unexpectedly. This vulnerability is due to insufficient input validation of ingress…

more

IS-IS packets. An attacker could exploit this vulnerability by sending crafted IS-IS packets to an affected device after forming an adjacency. A successful exploit could allow the attacker to cause the IS-IS process to restart unexpectedly, resulting in a temporary loss of connectivity to advertised networks and a denial of service (DoS) condition. Note: The IS-IS protocol is a routing protocol. To exploit this vulnerability, an attacker must be Layer 2-adjacent to the affected device and must have formed an adjacency.  

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Crafted IS-IS packets exploit input validation flaw to crash routing process, directly enabling application/system exploitation for DoS (T1499.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-48858Shared CWE-1287
CVE-2025-20251Shared CWE-1287
CVE-2026-2454Shared CWE-1287
CVE-2025-20630Shared CWE-1287
CVE-2025-20621Shared CWE-1287
CVE-2026-20119Shared CWE-1287
CVE-2026-29645Shared CWE-1287
CVE-2024-5594Shared CWE-1287
CVE-2026-33806Shared CWE-1287
CVE-2026-2004Shared CWE-1287

Affected Assets

Cisco
IOS XR
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires validation of ingress IS-IS packets, addressing the root cause of insufficient input validation that leads to process restart.

prevent

Explicitly protects against crafted-packet DoS conditions that cause loss of routing process and network connectivity.

prevent

Enforces boundary filtering and flow controls on Layer-2-adjacent IS-IS traffic before adjacency formation or malicious packets reach the routing process.

References