CVE-2026-20113

Medienbericht

EPSS 0.03%
Veröffentlicht 25.03.2026 16:16:15
Zuletzt bearbeitet 26.03.2026 15:13:15
Quelle psirt@cisco.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability in the web-based Cisco IOx application hosting environment management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a carriage return line feed (CRLF) injection attack against a user.

 This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by sending crafted packets to an affected device. A successful exploit could allow the attacker to arbitrarily inject log entries, manipulate the structure of log files, or obscure legitimate log events.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

CNA 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerCisco

≫

Produkt Cisco IOS XE Software

Version 16.6.1

Status affected

Version 16.6.2

Status affected

Version 16.6.3

Status affected

Version 16.6.4

Status affected

Version 16.6.5

Status affected

Version 16.6.4a

Status affected

Version 16.6.5a

Status affected

Version 16.6.6

Status affected

Version 16.6.7

Status affected

Version 16.6.8

Status affected

Version 16.6.9

Status affected

Version 16.6.10

Status affected

Version 16.7.1

Status affected

Version 16.7.1a

Status affected

Version 16.7.1b

Status affected

Version 16.7.2

Status affected

Version 16.7.3

Status affected

Version 16.7.4

Status affected

Version 16.8.1

Status affected

Version 16.8.1a

Status affected

Version 16.8.1b

Status affected

Version 16.8.1s

Status affected

Version 16.8.1c

Status affected

Version 16.8.1d

Status affected

Version 16.8.2

Status affected

Version 16.8.1e

Status affected

Version 16.8.3

Status affected

Version 16.9.1

Status affected

Version 16.9.2

Status affected

Version 16.9.1a

Status affected

Version 16.9.1b

Status affected

Version 16.9.1s

Status affected

Version 16.9.3

Status affected

Version 16.9.4

Status affected

Version 16.9.5

Status affected

Version 16.9.5f

Status affected

Version 16.9.6

Status affected

Version 16.9.7

Status affected

Version 16.9.8

Status affected

Version 16.10.1

Status affected

Version 16.10.1a

Status affected

Version 16.10.1b

Status affected

Version 16.10.1s

Status affected

Version 16.10.1c

Status affected

Version 16.10.1e

Status affected

Version 16.10.1d

Status affected

Version 16.10.2

Status affected

Version 16.10.1f

Status affected

Version 16.10.1g

Status affected

Version 16.10.3

Status affected

Version 16.11.1

Status affected

Version 16.11.1a

Status affected

Version 16.11.1b

Status affected

Version 16.11.2

Status affected

Version 16.11.1s

Status affected

Version 16.12.1

Status affected

Version 16.12.1s

Status affected

Version 16.12.1a

Status affected

Version 16.12.1c

Status affected

Version 16.12.1w

Status affected

Version 16.12.2

Status affected

Version 16.12.1y

Status affected

Version 16.12.2a

Status affected

Version 16.12.3

Status affected

Version 16.12.8

Status affected

Version 16.12.2s

Status affected

Version 16.12.1x

Status affected

Version 16.12.1t

Status affected

Version 16.12.4

Status affected

Version 16.12.3s

Status affected

Version 16.12.3a

Status affected

Version 16.12.4a

Status affected

Version 16.12.5

Status affected

Version 16.12.6

Status affected

Version 16.12.1z1

Status affected

Version 16.12.5a

Status affected

Version 16.12.5b

Status affected

Version 16.12.1z2

Status affected

Version 16.12.6a

Status affected

Version 16.12.7

Status affected

Version 16.12.10a

Status affected

Version 16.12.11

Status affected

Version 17.1.1

Status affected

Version 17.1.1a

Status affected

Version 17.1.1s

Status affected

Version 17.1.1t

Status affected

Version 17.1.3

Status affected

Version 17.2.1

Status affected

Version 17.2.1r

Status affected

Version 17.2.1a

Status affected

Version 17.2.1v

Status affected

Version 17.2.2

Status affected

Version 17.2.3

Status affected

Version 17.3.1

Status affected

Version 17.3.2

Status affected

Version 17.3.3

Status affected

Version 17.3.1a

Status affected

Version 17.3.1w

Status affected

Version 17.3.2a

Status affected

Version 17.3.1x

Status affected

Version 17.3.1z

Status affected

Version 17.3.4

Status affected

Version 17.3.5

Status affected

Version 17.3.4a

Status affected

Version 17.3.6

Status affected

Version 17.3.4b

Status affected

Version 17.3.4c

Status affected

Version 17.3.5a

Status affected

Version 17.3.5b

Status affected

Version 17.3.7

Status affected

Version 17.3.8

Status affected

Version 17.3.8a

Status affected

Version 17.4.1

Status affected

Version 17.4.2

Status affected

Version 17.4.1a

Status affected

Version 17.4.1b

Status affected

Version 17.4.2a

Status affected

Version 17.5.1

Status affected

Version 17.5.1a

Status affected

Version 17.6.1

Status affected

Version 17.6.2

Status affected

Version 17.6.1w

Status affected

Version 17.6.1a

Status affected

Version 17.6.1x

Status affected

Version 17.6.3

Status affected

Version 17.6.1y

Status affected

Version 17.6.1z

Status affected

Version 17.6.3a

Status affected

Version 17.6.4

Status affected

Version 17.6.1z1

Status affected

Version 17.6.5

Status affected

Version 17.6.6

Status affected

Version 17.6.6a

Status affected

Version 17.6.5a

Status affected

Version 17.6.7

Status affected

Version 17.6.8

Status affected

Version 17.6.8a

Status affected

Version 17.7.1

Status affected

Version 17.7.1a

Status affected

Version 17.7.1b

Status affected

Version 17.7.2

Status affected

Version 17.10.1

Status affected

Version 17.10.1a

Status affected

Version 17.10.1b

Status affected

Version 17.8.1

Status affected

Version 17.8.1a

Status affected

Version 17.9.1

Status affected

Version 17.9.1w

Status affected

Version 17.9.2

Status affected

Version 17.9.1a

Status affected

Version 17.9.1x

Status affected

Version 17.9.1y

Status affected

Version 17.9.3

Status affected

Version 17.9.2a

Status affected

Version 17.9.1x1

Status affected

Version 17.9.3a

Status affected

Version 17.9.4

Status affected

Version 17.9.1y1

Status affected

Version 17.9.5

Status affected

Version 17.9.4a

Status affected

Version 17.9.5a

Status affected

Version 17.9.5b

Status affected

Version 17.9.6

Status affected

Version 17.9.6a

Status affected

Version 17.9.7

Status affected

Version 17.9.5e

Status affected

Version 17.9.5f

Status affected

Version 17.9.8

Status affected

Version 17.9.7a

Status affected

Version 17.9.7b

Status affected

Version 17.11.1

Status affected

Version 17.11.1a

Status affected

Version 17.12.1

Status affected

Version 17.12.1w

Status affected

Version 17.12.1a

Status affected

Version 17.12.1x

Status affected

Version 17.12.2

Status affected

Version 17.12.3

Status affected

Version 17.12.2a

Status affected

Version 17.12.1y

Status affected

Version 17.12.1z

Status affected

Version 17.12.4

Status affected

Version 17.12.3a

Status affected

Version 17.12.1z1

Status affected

Version 17.12.1z2

Status affected

Version 17.12.4a

Status affected

Version 17.12.5

Status affected

Version 17.12.4b

Status affected

Version 17.12.1z3

Status affected

Version 17.12.5a

Status affected

Version 17.12.1z4

Status affected

Version 17.12.6

Status affected

Version 17.12.5b

Status affected

Version 17.12.5c

Status affected

Version 17.12.6a

Status affected

Version 17.12.5d

Status affected

Version 17.12.1z5

Status affected

Version 17.12.1z6

Status affected

Version 17.12.6b

Status affected

Version 17.13.1

Status affected

Version 17.13.1a

Status affected

Version 17.14.1

Status affected

Version 17.14.1a

Status affected

Version 17.15.1

Status affected

Version 17.15.1w

Status affected

Version 17.15.1a

Status affected

Version 17.15.2

Status affected

Version 17.15.1b

Status affected

Version 17.15.1x

Status affected

Version 17.15.1z

Status affected

Version 17.15.3

Status affected

Version 17.15.2c

Status affected

Version 17.15.2a

Status affected

Version 17.15.1y

Status affected

Version 17.15.2b

Status affected

Version 17.15.3a

Status affected

Version 17.15.4

Status affected

Version 17.15.3b

Status affected

Version 17.15.4d

Status affected

Version 17.15.4e

Status affected

Version 17.16.1

Status affected

Version 17.16.1a

Status affected

Version 17.17.1

Status affected

Version 17.18.1

Status affected

Version 17.18.1w

Status affected

Version 17.18.1a

Status affected

Version 17.18.1x

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.069

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
psirt@cisco.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection')

The product uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs.

https://thehackernews.com/2026/03/weekly-recap-telecom-sleeper-cells-llm.html

Media Report

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-crlf-NvgKTKJZ

https://nvd.nist.gov/vuln/detail/CVE-2026-20113

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-20113

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-20113

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-20113