Description
A vulnerability in the processing of Control and Provisioning of Wireless Access Points (CAPWAP) packets of Cisco IOS XE Wireless Controller Software for the Catalyst CW9800 Family could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

This vulnerability is due to improper handling of a malformed CAPWAP packet. An attacker could exploit this vulnerability by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload unexpectedly, resulting in a DoS condition.
Published: 2026-03-25
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Immediate Patch
AI Analysis

Impact

A malformed CAPWAP packet can be sent to a Cisco IOS XE Wireless Controller (Catalyst CW9800 Family) by an unauthenticated remote attacker. The improper parsing of such packets causes the device to reload unexpectedly, resulting in a denial of service. This weakness is categorized as CWE‑230, reflecting improper input validation that leads to system destabilization.

Affected Systems

The flaw affects Cisco IOS XE Wireless Controller Software deployed on Catalyst CW9800 wireless controllers. No specific software versions are listed in the advisory, so all deployments of this controller family running the vulnerable software are potentially exposed.

Risk and Exploitability

The vulnerability is scored CVSS 8.6, indicating high severity, and it is not yet listed in the CISA KEV catalog. Because the attack vector is remote and requires no authentication, the likelihood of exploitation is significant in environments where the controller is accessible over a network. The lack of known mitigation steps in the advisory suggests that a vendor patch is the preferred response.

Generated by OpenCVE AI on March 25, 2026 at 19:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Cisco IOS XE software update that addresses this CAPWAP packet parsing issue.
  • Please refer to Cisco’s security advisory for download links and deployment guidance.
  • As a temporary measure, restrict CAPWAP traffic to trusted IP addresses using firewall or ACL rules to reduce exposure.
  • Continuously monitor controller logs for unexpected reloads and other abnormal events.
  • Keep the wireless controller firmware and associated network equipment up to date with the latest security patches.

Generated by OpenCVE AI on March 25, 2026 at 19:35 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 26 Mar 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 26 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Cisco
Cisco ios Xe Software
Vendors & Products Cisco
Cisco ios Xe Software

Wed, 25 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
Title Remote Denial of Service via Malformed CAPWAP Packet on Cisco IOS XE Wireless Controller

Wed, 25 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Description A vulnerability in the processing of Control and Provisioning of Wireless Access Points (CAPWAP) packets of Cisco IOS XE Wireless Controller Software for the Catalyst CW9800 Family could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of a malformed CAPWAP packet. An attacker could exploit this vulnerability by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload unexpectedly, resulting in a DoS condition.
Weaknesses CWE-230
References
Metrics cvssV3_1

{'score': 8.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H'}

Subscriptions

Cisco Ios Xe Software
cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2026-03-26T17:40:42.427Z

Reserved: 2025-10-08T11:59:15.367Z

Link: CVE-2026-20086

cve-icon Vulnrichment

Updated: 2026-03-26T17:40:38.380Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-25T16:16:13.920

Modified: 2026-03-26T15:13:33.940

Link: CVE-2026-20086

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-26T11:42:48Z

Weaknesses