Summaryinfo

A vulnerability categorized as problematic has been discovered in Cisco IOS XE. This impacts an unknown function of the component Bootloader. Such manipulation leads to buffer underflow. This vulnerability is documented as CVE-2026-20104. The attack can be executed directly on the physical device. There is not any exploit available. It is advisable to upgrade the affected component.

Detailsinfo

A vulnerability was found in Cisco IOS XE. It has been rated as problematic. Affected by this issue is an unknown functionality of the component Bootloader. The manipulation with an unknown input leads to a buffer underflow vulnerability. Using CWE to declare the problem leads to CWE-124. The product writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer. Impacted is confidentiality, integrity, and availability. CVE summarizes:

A vulnerability in the bootloader of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches, Cisco Catalyst ESS9300 Embedded Series Switches, Cisco Catalyst IE9310 and IE9320 Rugged Series Switches, and Cisco IE3500 and IE3505 Rugged Series Switches could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to an affected device to execute arbitrary code at boot time and break the chain of trust. This vulnerability is due to insufficient validation of software at boot time. An attacker could exploit this vulnerability by manipulating the loaded binaries on an affected device to bypass some of the integrity checks that are performed during the boot process. A successful exploit could allow the attacker to execute code that bypasses the requirement to run Cisco-signed images. Cisco has assigned this security advisory a Security Impact Rating (SIR) of High rather than Medium as the score indicates because this vulnerability allows an attacker to bypass a major security feature of a device.

The advisory is available at sec.cloudapps.cisco.com. This vulnerability is handled as CVE-2026-20104 since 10/08/2025. The exploitation is known to be easy. Local access is required to approach this attack. No form of authentication is required for exploitation. The technical details are unknown and an exploit is not available.

Upgrading eliminates this vulnerability.

The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2026-15435). If you want to get best quality of vulnerability data, you may have to visit VulDB.

Productinfo

Type

• Router Operating System

Vendor

• Cisco

Name

• IOS XE

Version

• 16.12.6
• 16.12.6a
• 16.12.7
• 16.12.8
• 17.3.3
• 17.3.4
• 17.3.4b
• 17.3.5
• 17.3.6
• 17.3.7
• 17.3.8
• 17.3.8a
• 17.4.1
• 17.5.1
• 17.6.1
• 17.6.1y
• 17.6.2
• 17.6.3
• 17.6.4
• 17.6.5
• 17.6.5a
• 17.6.6
• 17.6.6a
• 17.6.7
• 17.6.8
• 17.7.1
• 17.7.1a
• 17.8.1
• 17.8.1a
• 17.9.1
• 17.9.1a
• 17.9.2
• 17.9.3
• 17.9.4
• 17.9.4a
• 17.9.5
• 17.9.5b
• 17.9.6
• 17.9.6a
• 17.9.7
• 17.9.8
• 17.10.1
• 17.11.1
• 17.12.1
• 17.12.2
• 17.12.3
• 17.12.4
• 17.12.5
• 17.12.6
• 17.13.1
• 17.14.1
• 17.15.1
• 17.15.2
• 17.15.3
• 17.15.4
• 17.16.1
• 17.17.1
• 17.18.1
• 17.18.2

License

• commercial

Website

• Vendor: https://www.cisco.com/

CPE 2.3info

• 🔒
• 🔒
• 🔒

CPE 2.2info

• 🔒
• 🔒
• 🔒

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion