Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

CVE-2026-20113

A vulnerability in the web-based Cisco IOx application hosting environment management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a carriage return line feed (CRLF) injection attack against a user. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by sending crafted packets to an affected device. A successful exploit could allow the attacker to arbitrarily inject log entries, manipulate the structure of log files, or obscure legitimate log events.

Severity: MEDIUM
CVSS: 5.3
CWE: CWE-93
KEV: No
Published
Modified

Related Products

| Product | Advisory | Evidence |
|---|---|---|
| Cisco IOS | cisco-sa-iox-crlf-NvgKTKJZ | Cisco OpenVuln |
| Cisco IOx | cisco-sa-iox-crlf-NvgKTKJZ | Cisco OpenVuln |
| Cisco IOS XE Software | cisco-sa-iox-crlf-NvgKTKJZ | Cisco OpenVuln |
| Cisco Catalyst 9600 Series Switches | cisco-sa-iox-crlf-NvgKTKJZ | Cisco OpenVuln · software-dependent |
| Cisco Catalyst 9500 Series Switches | cisco-sa-iox-crlf-NvgKTKJZ | Cisco OpenVuln · software-dependent |
| Cisco Catalyst 9400 Series Switches | cisco-sa-iox-crlf-NvgKTKJZ | Cisco OpenVuln · software-dependent |
| Cisco Catalyst 9200 Series Switches | cisco-sa-iox-crlf-NvgKTKJZ | Cisco OpenVuln · software-dependent |
| Cisco Catalyst 9300 Series Switches | cisco-sa-iox-crlf-NvgKTKJZ | Cisco OpenVuln · software-dependent |