CVE-2026-20074

7.4 HIGH

📋 TL;DR

This vulnerability in the IS-IS multi-instance routing feature of Cisco IOS XR allows an unauthenticated attacker on the same network segment to send specially crafted IS-IS packets that cause the IS-IS routing process to crash and restart. The result is temporary loss of network connectivity and denial of service. Only devices running affected Cisco IOS XR versions with the IS-IS multi-instance feature enabled are vulnerable.

💻 Affected Systems

Products:
  • Cisco IOS XR Software
Versions: Multiple versions - see Cisco advisory for specific affected releases
Operating Systems: Cisco IOS XR
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when the IS-IS multi-instance feature is configured and enabled. Single-instance IS-IS configurations are not affected.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Repeated exploitation could cause sustained IS-IS process crashes, leading to extended routing instability, network partitions, and complete loss of connectivity to networks advertised via IS-IS.

🟠 Likely Case

A temporary IS-IS process restart causes brief routing flaps and connectivity interruptions until the process recovers, potentially affecting multiple networks.

🟢 If Mitigated

Minimal impact with proper network segmentation and access controls preventing unauthorized Layer 2 adjacency to affected devices.

🌐 Internet-Facing: LOW - Requires Layer 2 adjacency which is typically not available from internet-facing interfaces.
🏢 Internal Only: MEDIUM - Attackers with internal network access could exploit if they achieve Layer 2 adjacency to vulnerable devices.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires Layer 2 adjacency and IS-IS adjacency establishment, which requires some network knowledge but no authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to Cisco advisory for fixed releases

Vendor Advisory: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-isis-dos-kDMxpSzK

Restart Required: Yes

Instructions:

  1. Review Cisco advisory for affected versions.
  2. Upgrade to fixed software release.
  3. Reload device to apply new software.
  4. Verify IS-IS process stability.

🔧 Temporary Workarounds

Disable IS-IS Multi-Instance (platform: cisco-ios-xr)

Configure single-instance IS-IS instead of multi-instance if possible:

router isis [instance-name]
no multi-instance

Implement Layer 2 Access Controls (platform: all)

Restrict Layer 2 adjacency to trusted devices only using port security, MAC filtering, or VLAN segmentation

🧯 If You Can't Patch

  • Implement strict Layer 2 security controls to prevent unauthorized devices from forming adjacency
  • Monitor IS-IS process health and implement automated restart/recovery procedures

🔍 How to Verify

Check if Vulnerable:

Check Cisco advisory for affected versions and verify if IS-IS multi-instance is configured: 'show running-config router isis'

Check Version:

show version | include Cisco IOS XR Software

Verify Fix Applied:

Verify that the device has been upgraded to a fixed version with 'show version', and confirm IS-IS process stability with 'show processes isis'

📡 Detection & Monitoring

Log Indicators:

  • IS-IS process restart/crash logs
  • Unexpected adjacency changes
  • Routing table flaps

Network Indicators:

  • Unusual IS-IS packet patterns from untrusted sources
  • Repeated IS-IS adjacency resets

SIEM Query:

source="cisco-ios-xr" AND ("IS-IS" AND (restart OR crash OR unexpected))
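
The SIEM query above matches single events; the added example below (not part of the original page or the Cisco advisory) applies the same terms offline and flags routers where matching events repeat within a short window, the pattern the Worst Case describes. The log lines are constructed samples, not real IOS XR message formats, and the threshold of 3 hits in 10 minutes is an assumption to tune per environment.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in an assumed "<ISO time> <host> <message>" layout.
# These are NOT real Cisco IOS XR syslog formats.
SAMPLE_LOGS = """\
2026-03-01T10:00:05 core-rtr1 IS-IS process restart detected
2026-03-01T10:02:40 core-rtr1 IS-IS adjacency down, unexpected neighbor loss
2026-03-01T10:04:10 core-rtr1 IS-IS process crash, restarting
2026-03-01T10:03:00 edge-rtr2 IS-IS process restart after scheduled maintenance
2026-03-01T10:05:00 edge-rtr2 BGP session restart
2026-03-01T11:30:00 core-rtr1 IS-IS adjacency up
"""

# Terms from the page's query; word-prefix matching is an approximation
# of how a SIEM tokenizes "restart", "crash" and "unexpected".
KEYWORDS = re.compile(r"\b(restart\w*|crash\w*|unexpected)\b", re.IGNORECASE)

def matches_query(message):
    """True when the message satisfies "IS-IS" AND (restart OR crash OR unexpected)."""
    return "is-is" in message.lower() and bool(KEYWORDS.search(message))

def repeated_hits(lines, threshold=3, window=timedelta(minutes=10)):
    """Return {host: [timestamps]} for hosts with >= threshold hits inside window."""
    per_host = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        ts, host, message = line.split(" ", 2)
        if matches_query(message):
            per_host[host].append(datetime.fromisoformat(ts))
    flagged = {}
    for host, stamps in per_host.items():
        stamps.sort()
        # Slide over sorted hits; flag on the first run that fits the window.
        for i in range(len(stamps) - threshold + 1):
            if stamps[i + threshold - 1] - stamps[i] <= window:
                flagged[host] = stamps[i:i + threshold]
                break
    return flagged

if __name__ == "__main__":
    for host, stamps in repeated_hits(SAMPLE_LOGS.splitlines()).items():
        print(host, "repeated IS-IS events:", [s.isoformat() for s in stamps])
```

A single restart on edge-rtr2 is not flagged, while three matching events on core-rtr1 inside the window are.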
