CVE-2026-20012

Name of the Vulnerable Software and Affected Versions Cisco IOS Software (affected versions not specified) Cisco IOS XE Software (affected versions not specified) Cisco Secure Firewall Adaptive Security Appliance (ASA) Software (affected versions not specified) Cisco Secure Firewall Threat Defense (FTD) Software (affected versions not specified)

Description A flaw exists in the Internet Key Exchange version 2 (IKEv2) feature that may allow a remote attacker to cause a denial of service (DoS) condition. This is due to improper parsing of IKEv2 packets. An attacker could exploit this by sending crafted IKEv2 packets to an affected device. Successful exploitation of Cisco IOS Software and IOS XE Software could cause the device to reload, resulting in a DoS condition. Successful exploitation of Cisco Secure Firewall ASA Software and Secure FTD Software could lead to partial system memory exhaustion, causing instability, such as the inability to establish new IKEv2 VPN sessions. A manual reboot of the device is required to recover.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.