CVE-2026-20113

Name of the Vulnerable Software and Affected Versions Cisco IOS XE Software (affected versions not specified)

Description A flaw exists in the web-based Cisco IOx application hosting environment management interface that could allow a remote attacker to inject carriage return line feed (CRLF) characters against a user without authentication. This is due to inadequate validation of user input. An attacker could exploit this by sending crafted packets to a vulnerable device, potentially allowing arbitrary log entry injection, manipulation of log file structure, or obscuring legitimate log events.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.