CVE-2026-20118
CVE-2026-20118 is a medium-severity vulnerability with a CVSS 3.x base score of 6.8. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-460.
Key facts
- Severity: Medium (CVSS 3.x base score 6.8)
- EPSS exploit prediction: 0% (24th percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2026-11224
- Weakness: CWE-460
- Published:
- Last modified:
Description
A vulnerability in the handling of an Egress Packet Network Interface (EPNI) Aligner interrupt in Cisco IOS XR Software for Cisco Network Convergence System (NCS) 5500 Series with NC57 line cards and Cisco NCS 5700 Routers and Cisco IOS XR Software for Third Party Software could allow an unauthenticated, remote attacker to cause the network processing unit (NPU) and ASIC to stop processing, preventing traffic from traversing the interface. This vulnerability is due to the corruption of packets in specific cases when an EPNI Aligner interrupt is triggered while an affected device is experiencing heavy transit traffic. An attacker could exploit this vulnerability by sending a continuous flow of crafted packets to an interface of the affected device. A successful exploit could allow the attacker to cause persistent, heavy packet loss, resulting in a denial of service (DoS) condition. Note: If active exploitation of this vulnerability is suspected, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider. Cisco has assigned this security advisory a Security Impact Rating (SIR) of High rather than Medium as the score indicates. This change was made because the affected device operates within a critical network segment where compromise could lead to significant disruption or exposure, thereby elevating the overall risk beyond the base technical severity.
Frequently asked questions
- What is CVE-2026-20118?
- A vulnerability in the handling of an Egress Packet Network Interface (EPNI) Aligner interrupt in Cisco IOS XR Software for Cisco Network Convergence System (NCS) 5500 Series with NC57 line cards and Cisco NCS 5700 Routers and Cisco IOS XR Software for Third Party Software could allow an unauthenticated, remote attacker to cause the network processing unit (NPU) and ASIC to stop processing, preventing traffic from traversing the interface. This vulnerability is due to the corruption of packets in specific cases when an EPNI Aligner interrupt is triggered while an affected device is experiencing heavy transit traffic. An attacker could exploit this vulnerability by sending a continuous flow of crafted packets to an interface of the affected device. A successful exploit could allow the attacker to cause persistent, heavy packet loss, resulting in a denial of service (DoS) condition. Note: If active exploitation of this vulnerability is suspected, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider. Cisco has assigned this security advisory a Security Impact Rating (SIR) of High rather than Medium as the score indicates. This change was made because the affected device operates within a critical network segment where compromise could lead to significant disruption or exposure, thereby elevating the overall risk beyond the base technical severity.
- How severe is CVE-2026-20118?
- CVE-2026-20118 has a CVSS 3.x base score of 6.8, rated medium severity. It is exploitable over network with high attack complexity, requires no privileges and no user interaction. Impact on confidentiality is none, integrity none, and availability high.
- Is CVE-2026-20118 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (24th percentile), an estimate of the probability of exploitation in the next 30 days.
- How do I fix CVE-2026-20118?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- Does CVE-2026-20118 have an EU (EUVD) identifier?
- Yes. CVE-2026-20118 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2026-11224.
- When was CVE-2026-20118 published?
- CVE-2026-20118 was published on 2026-03-11 and last updated on 2026-06-17.
References
Other CWE-460 vulnerabilities
- CVE-2026-40583 — High (CVSS 8.2): UltraDAG is a minimal DAG-BFT blockchain in Rust. In version 0.1, a non-council attacker can submit a signed…
- CVE-2023-46393 — High (CVSS 7.5): gougucms v4.08.18 was discovered to contain a password reset poisoning vulnerability which allows attackers to…
- CVE-2024-0316 — Medium (CVSS 6.8): Improper cleanup vulnerability in exceptions thrown in FireEye Endpoint Security, affecting version 5.2.0.958244. This…
- CVE-2025-32439 — Medium (CVSS 6.5): pleezer is a headless Deezer Connect player. Hook scripts in pleezer can be triggered by various events like track…
- CVE-2025-30157 — Medium (CVSS 6.5): Envoy is a cloud-native high-performance edge/middle/service proxy. Prior to 1.33.1, 1.32.4, 1.31.6, and 1.30.10,…
- CVE-2025-69652 — Medium (CVSS 6.2): GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an abort (SIGABRT) when processing a crafted ELF…