Description
A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) multi-instance routing feature of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the IS-IS process to restart unexpectedly.

This vulnerability is due to insufficient input validation of ingress IS-IS packets. An attacker could exploit this vulnerability by sending crafted IS-IS packets to an affected device after forming an adjacency. A successful exploit could allow the attacker to cause the IS-IS process to restart unexpectedly, resulting in a temporary loss of connectivity to advertised networks and a denial of service (DoS) condition.
Note: The IS-IS protocol is a routing protocol. To exploit this vulnerability, an attacker must be Layer 2-adjacent to the affected device and must have formed an adjacency.  
Published: 2026-03-11
Score: 7.4 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch
AI Analysis

Impact

Cisco IOS XR Software’s Intermediate System-to-Intermediate System (IS-IS) multi‑instance routing feature contains an input‑validation flaw in the handling of ingress IS‑IS packets, as highlighted by Cisco: a crafted packet can trigger a restart of the IS‑IS process, leading to a loss of connectivity to advertised networks and a temporary denial of service. The weakness is classified as CWE‑1287, a race or state‑management error that affects process stability. Key detail from vendor description: "The vulnerability is due to insufficient input validation of ingress IS‑IS packets."

Affected Systems

Affected systems are Cisco IOS XR Software. No specific vulnerable versions are listed in the CNA data, so all releases of this product require checking against Cisco’s official advisory for potential exposure.

Risk and Exploitability

CVSS score of 7.4 indicates a high severity. EPSS score of less than 1% suggests a low likelihood of active exploitation. The vulnerability is not in the CISA KEV catalog. Exploitation requires a Layer‑2 adjacency and an established IS‑IS neighbor, after which an attacker can send malformed packets to cause a process reboot. The resulting denial of service can disrupt routing for all advertised networks until the IS‑IS process restarts. Key detail from vendor description: "To exploit this vulnerability, an attacker must be Layer 2‑adjacent to the affected device and must have formed an adjacency."

Generated by OpenCVE AI on March 17, 2026 at 15:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Verify the Cisco IOS XR Software version and consult the Cisco Security Advisory at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-isis-dos-kDMxpSzK to determine if a patch or firmware update is available.
  • Apply the released Cisco patch or firmware update that addresses the IS‑IS multi‑instance input‑validation flaw.
  • If a patch cannot be applied immediately, isolate the affected router from the surrounding network or reroute traffic to minimize the impact of a potential denial of service.
  • Enable detailed logging of IS‑IS adjacency creation and failure events and monitor logs for abnormal packet patterns that could indicate an exploitation attempt.

Generated by OpenCVE AI on March 17, 2026 at 15:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 12 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Cisco
Cisco ios Xr Software
Vendors & Products Cisco
Cisco ios Xr Software

Wed, 11 Mar 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 11 Mar 2026 17:00:00 +0000

Type Values Removed Values Added
Description A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) multi-instance routing feature of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the IS-IS process to restart unexpectedly. This vulnerability is due to insufficient input validation of ingress IS-IS packets. An attacker could exploit this vulnerability by sending crafted IS-IS packets to an affected device after forming an adjacency. A successful exploit could allow the attacker to cause the IS-IS process to restart unexpectedly, resulting in a temporary loss of connectivity to advertised networks and a denial of service (DoS) condition. Note: The IS-IS protocol is a routing protocol. To exploit this vulnerability, an attacker must be Layer 2-adjacent to the affected device and must have formed an adjacency.&nbsp;&nbsp;
Title Cisco IOS XR Software Multi-Instance Intermediate System-to-Intermediate System Denial of Service Vulnerability
Weaknesses CWE-1287
References
Metrics cvssV3_1

{'score': 7.4, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H'}

Subscriptions

Cisco Ios Xr Software
cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2026-03-11T17:20:21.640Z

Reserved: 2025-10-08T11:59:15.362Z

Link: CVE-2026-20074

cve-icon Vulnrichment

Updated: 2026-03-11T17:14:25.185Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-11T17:16:55.470

Modified: 2026-03-12T21:08:22.643

Link: CVE-2026-20074

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-20T15:30:31Z

Weaknesses