Description
A vulnerability in the handling of an Egress Packet Network Interface (EPNI) Aligner interrupt in Cisco IOS XR Software for Cisco Network Convergence System (NCS) 5500 Series with NC57 line cards and Cisco NCS 5700 Routers and Cisco IOS XR Software for Third Party Software could allow an unauthenticated, remote attacker to cause the network processing unit (NPU) and ASIC to stop processing, preventing traffic from traversing the interface.

This vulnerability is due to the corruption of packets in specific cases when an EPNI Aligner interrupt is triggered while an affected device is experiencing heavy transit traffic. An attacker could exploit this vulnerability by sending a continuous flow of crafted packets to an interface of the affected device. A successful exploit could allow the attacker to cause persistent, heavy packet loss, resulting in a denial of service (DoS) condition.
Note: If active exploitation of this vulnerability is suspected, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider.
Cisco has assigned this security advisory a Security Impact Rating (SIR) of High rather than Medium as the score indicates. This change was made because the affected device operates within a critical network segment where compromise could lead to significant disruption or exposure, thereby elevating the overall risk beyond the base technical severity.
Published: 2026-03-11
Score: 6.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

The vulnerability is in the handling of an Egress Packet Network Interface (EPNI) Aligner interrupt in Cisco IOS XR Software. Corruption of packets during this interrupt can cause the network processing unit (NPU) and ASIC to stop processing, thereby preventing traffic from traversing the affected interface. This results in a persistent, heavy packet loss that manifests as a denial of service. The weakness is identified as CWE‑460, reflecting a violation of expected operating conditions.

Affected Systems

The affected products are Cisco IOS XR Software running on Cisco Network Convergence System 5500 Series with NC57 line cards and Cisco NCS 5700 routers, as well as any third‑party software compiled for IOS XR. Specific version numbers are not provided in the advisory, so any installation of the listed platforms that incorporates the vulnerable EPNI handling code remains potentially susceptible.

Risk and Exploitability

According to the advisory, the CVSS score is 6.8 and the EPSS probability is less than 1%. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires an unauthenticated remote attacker to send a continuous flow of crafted packets to the affected interface while the device is under heavy transit traffic; the attacker can then force the NPU/ASIC to halt processing. The likely attack vector is remote network traffic, inferred from the requirement to transmit specially crafted packets to the vulnerable interface. The overall risk is considered high by Cisco because the device operates in a critical network segment.

Generated by OpenCVE AI on March 17, 2026 at 15:08 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Apply any Cisco IOS XR Software patch or update that addresses the EPNI Aligner interrupt issue. (If a patch is not yet available, coordinate with Cisco TAC for guidance.)
  • If a patch is not yet released, consider operator‑level mitigations such as limiting or throttling traffic on the affected interfaces to reduce heavy transit load, or invoke any documented workarounds in the Cisco advisory.
  • Monitor the interface for signs of excessive packet loss, NPU/ASIC stalls, or service interruptions.
  • Contact Cisco TAC or your maintenance provider immediately if you suspect active exploitation.
  • Refer to the Cisco security advisory (https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xrncs-epni-int-dos-TWMffUsN) for detailed guidance.

Advisories

No advisories yet.

History

Thu, 12 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Cisco
Cisco ios Xr Software
Vendors & Products Cisco
Cisco ios Xr Software

Wed, 11 Mar 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 11 Mar 2026 17:00:00 +0000

Type Values Removed Values Added
Description A vulnerability in the handling of an Egress Packet Network Interface (EPNI) Aligner interrupt in Cisco IOS XR Software for Cisco Network Convergence System (NCS) 5500 Series with NC57 line cards and Cisco NCS 5700 Routers and Cisco IOS XR Software for Third Party Software could allow an unauthenticated, remote attacker to cause the network processing unit (NPU) and ASIC to stop processing, preventing traffic from traversing the interface. This vulnerability is due to the corruption of packets in specific cases when an EPNI Aligner interrupt is triggered while an affected device is experiencing heavy transit traffic. An attacker could exploit this vulnerability by sending a continuous flow of crafted packets to an interface of the affected device. A successful exploit could allow the attacker to cause persistent, heavy packet loss, resulting in a denial of service (DoS) condition. Note: If active exploitation of this vulnerability is suspected, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider. Cisco has assigned this security advisory a Security Impact Rating (SIR) of High rather than Medium as the score indicates. This change was made because the affected device operates within a critical network segment where compromise could lead to significant disruption or exposure, thereby elevating the overall risk beyond the base technical severity.
Title Cisco IOS-XR NCS 5500 and NCS 5700 Egress Packet Network Interfaces Aligner Interrupt Denial of Service Vulnerability
Weaknesses CWE-460
References
Metrics cvssV3_1

{'score': 6.8, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2026-03-11T17:20:21.023Z

Reserved: 2025-10-08T11:59:15.376Z

Link: CVE-2026-20118

Vulnrichment

Updated: 2026-03-11T17:14:18.373Z

NVD

Status: Awaiting Analysis

Published: 2026-03-11T17:16:56.223

Modified: 2026-03-12T21:08:22.643

Link: CVE-2026-20118

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-20T15:30:27Z

Weaknesses