CVE-2026-20125

CWE-2284 documents4 sources
Severity
7.7HIGH
EPSS
0.2%
top 62.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Cisco IOS XE SoftwareCisco IOS
Timeline
PublishedMar 25

Description

A vulnerability in the HTTP Server feature of Cisco IOS Software and Cisco IOS XE Software Release 3E could allow an authenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending malformed HTTP requests to an affected device. A successful exploit could allow the attacker to cause a watchdog timer to

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:HExploitability: 3.1 | Impact: 4.0

Affected Packages2 packages

CVEListV5cisco/cisco_ios_xe_software157 versions+156
CVEListV5cisco/ios943 versions+942

🔴Vulnerability Details

2
GHSA
GHSA-qhwv-qr62-wrrh: A vulnerability in the HTTP Server feature of Cisco IOS Software and Cisco IOS XE Software Release 3E could allow an authenticated, remote attacker to2026-03-25
CVEList
CVE-2026-20125: A vulnerability in the HTTP Server feature of Cisco IOS Software and Cisco IOS XE Software Release 3E could allow an authenticated, remote attacker to2026-03-25

📋Vendor Advisories

1
Cisco
Cisco IOS Software and IOS XE Software Release 3E HTTP Server Denial of Service Vulnerability2026-03-25
CVE-2026-20125 (HIGH CVSS 7.7) | A vulnerability in the HTTP Server | cvebase.io