CVE-2026-20118

Name of the Vulnerable Software and Affected Versions Cisco IOS XR Software for Cisco Network Convergence System (NCS) 5500 Series with NC57 line cards Cisco IOS XR Software for Cisco NCS 5700 Routers Cisco IOS XR Software for Third Party Software

Description A flaw exists in the handling of an Egress Packet Network Interface (EPNI) Aligner interrupt. This could allow a remote, unauthenticated attacker to disrupt network processing by causing the network processing unit (NPU) and ASIC to cease functioning, thereby preventing traffic flow. The issue arises from packet corruption when an EPNI Aligner interrupt occurs during periods of high network traffic. An attacker could exploit this by sending a continuous stream of crafted packets to the affected device, leading to persistent packet loss and a denial of service (DoS) condition. Cisco has assigned a Security Impact Rating (SIR) of High due to the critical nature of the network segment where the affected devices operate.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.