CVE-2026-20104Buffer Underflow in Cisco IOS XE Software

CWE-124Buffer Underflow4 documents4 sources
Severity
6.1MEDIUMNVD
EPSS
0.0%
top 89.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS XE Software
Timeline
PublishedMar 25

Description

A vulnerability in the bootloader of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches, Cisco Catalyst ESS9300 Embedded Series Switches, Cisco Catalyst IE9310 and IE9320 Rugged Series Switches, and Cisco IE3500 and IE3505 Rugged Series Switches could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to an affected device to execute arbitrary code at boot time and break the chain of trust. This vulnerability is due to i

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 0.9 | Impact: 5.2

Affected Packages1 packages

CVEListV5cisco/cisco_ios_xe_software59 versions+58

🔴Vulnerability Details

2
GHSA
GHSA-38h5-57rq-7mj8: A vulnerability in the bootloader of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches, Cisco Catalyst ESS9300 Embedded Series Switches, C2026-03-25
CVEList
CVE-2026-20104: A vulnerability in the bootloader of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches, Cisco Catalyst ESS9300 Embedded Series Switches, C2026-03-25

📋Vendor Advisories

1
Cisco
Cisco IOS XE Software for Cisco Catalyst and Rugged Series Switches Secure Boot Bypass Vulnerability2026-03-25
CVE-2026-20104 — Buffer Underflow in Cisco | cvebase