Cisco Patches Multiple Vulnerabilities in IOS Software

Summary

Cisco released security patches for twelve high- and medium-severity vulnerabilities in IOS and IOS XE software, most capable of causing denial-of-service conditions. Four publicly disclosed medium-severity flaws affecting Catalyst 9300 Series switches can be chained to achieve privilege escalation and persistent DoS requiring manual recovery. Six high-severity vulnerabilities were also resolved, including one enabling secure boot bypass.

Full text

Cisco on Wednesday announced patches for a dozen high- and medium-severity vulnerabilities in IOS and IOS XE, most of which could be exploited to cause denial-of-service (DoS) conditions. The patches were rolled out as part of Cisco’s semiannual IOS and IOS XE security advisory bundle. While none of the bugs appear to have been exploited in the wild, technical information on four of them has been published. The publicly disclosed issues, tracked as CVE-2026-20110, CVE-2026-20112, CVE-2026-20113, and CVE-2026-20114, are medium-severity defects affecting Cisco Catalyst 9300 Series switches. According to OPSWAT, which discovered and reported the security defects, attackers could chain two of these flaws, CVE-2026-20114 and CVE-2026-20110, to escalate privileges and cause a persistent DoS condition that may require manual intervention to resolve. Impacting the Lobby Ambassador web-based management API, CVE-2026-20114 exists because parameters are not sufficiently validated, allowing attackers logged in as a Lobby Ambassador to create a new user privilege level 1 access to the API and access the device. CVE-2026-20110 impacts the management CLI of the vulnerable devices and “exists because incorrect privileges are associated with the start maintenance command.” This allows an attacker to place the device in maintenance mode.Advertisement. Scroll to continue reading. “By chaining the initial privilege escalation with the subsequent command injection, the maintenance operation could be triggered – resulting in a persistent Denial-of-Service condition. In validated scenarios, restoring normal functionality required physical access to the device, significantly amplifying operational impact,” OPSWAT notes. The other two security defects could be exploited to mount XSS attacks (CVE-2026-20112) or to inject logs via CRLF manipulation (CVE-2026-20113) Cisco’s fresh round of IOS and IOS XE updates resolved six high-severity vulnerabilities, five of which could lead to DoS conditions. The sixth could allow attackers to bypass secure boot. The flaws exist because specific packets are not properly handled, user input is not properly validated, memory resources are not properly managed, or software is not sufficiently validated at boot time. The remaining two medium-severity issues resolved in IOS and IOS XE could lead to information disclosure and DoS conditions. Additional information can be found on Cisco’s security advisories page. Related: Cisco Firewall Vulnerability Exploited as Zero-Day in Interlock Ransomware Attacks Related: Cisco Patches High-Severity IOS XR Vulnerabilities Related: Recent Cisco Catalyst SD-WAN Vulnerability Now Widely Exploited Related: Cisco Patches Critical Vulnerabilities in Enterprise Networking Products Written By Ionut Arghire Ionut Arghire is an international correspondent for SecurityWeek. More from Ionut Arghire From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPIExtortion Group Claims It Hacked AstraZenecaChrome 146 Update Patches High-Severity Vulnerabilities3.1 Million Impacted by QualDerm Data BreachCritical Citrix NetScaler Vulnerability Poised for Exploitation, Security Firms WarnMazda Says Employee, Partner Information Stolen in CyberattackChip Services Firm Trio-Tech Says Subsidiary Hit by Ransomware Aqua’s Trivy Vulnerability Scanner Hit by Supply Chain Attack Latest News Chinese Hackers Caught Deep Within Telecom Backbone InfrastructureAlleged RedLine Malware Administrator Extradited to USDell and HP Roll Out Quantum-Resistant Device Security and AI-Era Cyber ResilienceOnit Security Raises $11 Million for Exposure Management PlatformRussian Cybercriminal Gets 2-Year Prison Sentence in US AI Speeds Attacks, But Identity Remains Cybersecurity’s Weakest LinkiOS, macOS 26.4 Roll Out With Fresh Security PatchesFCC Bans New Routers Made Outside the US Over National Security Risks Trending Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Webinar: Securing Fragile OT in an Exposed World March 10, 2026 Get a candid look at the current OT threat landscape as we move past "doom and gloom" to discuss the mechanics of modern OT exposure. Register Webinar: Why Automated Pentesting Alone Is Not Enough April 7, 2026 Join our live diagnostic session to expose hidden coverage gaps and shift from flawed tool-level evaluations to a comprehensive, program-level validation discipline. Register People on the MoveToken has appointed Katy Nelson as Chief Revenue Officer.Hemant Baidwan has joined Knox Systems as Chief Information Security Officer.The US Senate confirmed Markwayne Mullin as DHS Secretary.More People On The MoveExpert Insights Why Agentic AI Systems Need Better Governance – Lessons from OpenClaw Agentic AI platforms are shifting from passive recommendation tools to autonomous action-takers with real system access, (Etay Maor) The Human IOC: Why Security Professionals Struggle with Social Vetting Applying SOC-level rigor to the rumors, politics, and 'human intel' can make or break a security team. (Joshua Goldfarb) How to 10x Your Vulnerability Management Program in the Agentic Era The evolution of vulnerability management in the agentic era is characterized by continuous telemetry, contextual prioritization and the ultimate goal of agentic remediation. (Nadir Izrael) SIM Swaps Expose a Critical Flaw in Identity Security SIM swap attacks exploit misplaced trust in phone numbers and human processes to bypass authentication controls and seize high-value accounts. (Torsten George) Four Risks Boards Cannot Treat as Background Noise The goal isn’t about preventing every attack but about keeping the business running when attacks succeed. (Steve Durbin) Flipboard Reddit Whatsapp Whatsapp Email

Indicators of Compromise

• cve — CVE-2026-20110
• cve — CVE-2026-20112
• cve — CVE-2026-20113
• cve — CVE-2026-20114