Description
A vulnerability in the web-based Cisco IOx application hosting environment management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a carriage return line feed (CRLF) injection attack against a user.

This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by sending crafted packets to an affected device. A successful exploit could allow the attacker to arbitrarily inject log entries, manipulate the structure of log files, or obscure legitimate log events.
Published: 2026-03-25
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Log Manipulation
Action: Apply Patch
AI Analysis

Impact

The CVE describes an unauthenticated, remote carriage-return line-feed injection vulnerability in Cisco IOx’s web-based management interface. Exploitation allows an attacker to inject arbitrary log entries and alter the structure of log files, potentially obscuring legitimate events. The weakness is an input validation flaw (CWE‑93) that can compromise audit trail integrity.

Affected Systems

Affected product is Cisco IOS XE Software. The advisory does not list specific versions, so all releases that include the IOx management interface should be checked for applicability.

Risk and Exploitability

The CVSS base score of 5.3 indicates moderate risk. No EPSS score is published and the vulnerability is not listed in CISA’s KEV catalog. Attack vectors are inferred to be via an unauthenticated remote connection to the web interface; any host with network access to the management port can craft malicious packets to perform the injection.

Generated by OpenCVE AI on March 25, 2026 at 19:32 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Review Cisco’s security advisory and download the latest IOS XE firmware that addresses the CRLF injection issue.
  • Apply the firmware update to all affected devices.
  • Restrict external access to the IOx management interface using firewalls or VLAN segmentation.
  • Continuously monitor system logs for unexpected entries or anomalies that may indicate exploitation.
  • If an immediate patch is not possible, isolate the affected environment until a fix is applied.

Generated by OpenCVE AI on March 25, 2026 at 19:32 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 27 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 26 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Cisco
Cisco ios Xe Software
Vendors & Products Cisco
Cisco ios Xe Software

Wed, 25 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
Title Unauthenticated CRLF Injection in Cisco IOx Log Management

Wed, 25 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Description A vulnerability in the web-based Cisco IOx application hosting environment management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a carriage return line feed (CRLF) injection attack against a user. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by sending crafted packets to an affected device. A successful exploit could allow the attacker to arbitrarily inject log entries, manipulate the structure of log files, or obscure legitimate log events.
Weaknesses CWE-93
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

Subscriptions

Cisco Ios Xe Software
cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2026-03-27T15:02:21.557Z

Reserved: 2025-10-08T11:59:15.375Z

Link: CVE-2026-20113

cve-icon Vulnrichment

Updated: 2026-03-27T15:02:18.243Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-25T16:16:15.637

Modified: 2026-03-26T15:13:15.790

Link: CVE-2026-20113

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-26T11:42:40Z

Weaknesses