CVE-2026-20004

Name of the Vulnerable Software and Affected Versions Cisco IOS XE Software (affected versions not specified)

Description A flaw exists in the TLS library of Cisco IOS XE Software that may allow a nearby, unauthenticated attacker to deplete the memory of a vulnerable device. This is caused by inadequate memory resource handling during TLS connection establishment. An attacker could repeatedly trigger conditions that increase memory usage, such as repeatedly attempting Extensible Authentication Protocol (EAP) authentication when local EAP is enabled, or by performing a machine-in-the-middle attack and resetting TLS connections. Successful exploitation could exhaust device memory, leading to an unexpected reload and a denial of service (DoS) condition.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.