CVE-2026-20074

Name of the Vulnerable Software and Affected Versions Cisco IOS XR Software (affected versions not specified)

Description A flaw exists in the Intermediate System-to-Intermediate System (IS-IS) multi-instance routing feature that could allow a nearby, unauthenticated attacker to unexpectedly restart the IS-IS process. This is due to inadequate validation of incoming IS-IS packets. An attacker can exploit this by sending specially crafted IS-IS packets to a vulnerable device after establishing a connection. A successful exploit could lead to a temporary loss of network connectivity and a denial-of-service (DoS) condition. The IS-IS protocol is a routing protocol, and an attacker must be on Layer 2 of the network and have established a connection with the affected device to exploit this issue.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.