CVE-2026-20118

CWE-4604 documents4 sources
Severity
6.8MEDIUM
EPSS
0.1%
top 73.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Cisco IOS XR Software
Timeline
PublishedMar 11

Description

A vulnerability in the handling of an Egress Packet Network Interface (EPNI) Aligner interrupt in Cisco IOS XR Software for Cisco Network Convergence System (NCS) 5500 Series with NC57 line cards and Cisco NCS 5700 Routers and Cisco IOS XR Software for Third Party Software could allow an unauthenticated, remote attacker to cause the network processing unit (NPU) and ASIC to stop processing, preventing traffic from traversing the interface. This vulnerability is due to the corruption of packets

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 2.2 | Impact: 4.0

Affected Packages1 packages

CVEListV5cisco/cisco_ios_xr_software23 versions+22

🔴Vulnerability Details

2
CVEList
Cisco IOS-XR NCS 5500 and NCS 5700 Egress Packet Network Interfaces Aligner Interrupt Denial of Service Vulnerability2026-03-11
GHSA
GHSA-vgpf-3m99-q785: A vulnerability in the handling of an Egress Packet Network Interface (EPNI) Aligner interrupt in Cisco IOS XR Software for Cisco Network Convergence2026-03-11

📋Vendor Advisories

1
Cisco
Cisco IOS XR Egress Packet Network Interface Aligner Interrupt Denial of Service Vulnerability2026-03-11
CVE-2026-20118 (MEDIUM CVSS 6.8) | A vulnerability in the handling of | cvebase.io