{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-20086", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2025-10-08T11:59:15.367Z", "datePublished": "2026-03-25T16:02:55.912Z", "dateUpdated": "2026-03-25T16:02:55.912Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2026-03-25T16:02:55.912Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability in the processing of Control and Provisioning of Wireless Access Points (CAPWAP) packets of Cisco IOS XE Wireless Controller Software for the Catalyst CW9800 Family could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r This vulnerability is due to improper handling of a malformed CAPWAP packet. An attacker could exploit this vulnerability by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload unexpectedly, resulting in a DoS condition."}], "affected": [{"vendor": "Cisco", "product": "Cisco IOS XE Software", "versions": [{"version": "17.14.1", "status": "affected"}, {"version": "17.15.1", "status": "affected"}, {"version": "17.15.2", "status": "affected"}, {"version": "17.15.3", "status": "affected"}, {"version": "17.15.2b", "status": "affected"}, {"version": "17.15.4", "status": "affected"}, {"version": "17.15.4d", "status": "affected"}, {"version": "17.16.1", "status": "affected"}, {"version": "17.17.1", "status": "affected"}, {"version": "17.18.1", "status": "affected"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Improper Handling of Missing Values", "type": "cwe", "cweId": "CWE-230"}]}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-dos-hnX5KGOm", "name": "cisco-sa-wlc-dos-hnX5KGOm"}], "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "baseScore": 8.6, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "source": {"advisory": "cisco-sa-wlc-dos-hnX5KGOm", "discovery": "EXTERNAL", "defects": ["CSCwp13209"]}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the processing of Control and Provisioning of Wireless Access Points (CAPWAP) packets of Cisco IOS XE Wireless Controller Software for the Catalyst CW9800 Family could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r This vulnerability is due to improper handling of a malformed CAPWAP packet. An attacker could exploit this vulnerability by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload unexpectedly, resulting in a DoS condition."}], "id": "CVE-2026-20086", "lastModified": "2026-03-25T16:16:13.920", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "psirt@cisco.com", "type": "Primary"}]}, "published": "2026-03-25T16:16:13.920", "references": [{"source": "psirt@cisco.com", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-dos-hnX5KGOm"}], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-230"}], "source": "psirt@cisco.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-03-25T19:35:03.007041+00:00", "value": {"mitigation_remediation": ["Apply the Cisco IOS\u00a0XE software update that addresses this CAPWAP packet parsing issue. ", "Please refer to Cisco\u2019s security advisory for download links and deployment guidance. ", "As a temporary measure, restrict CAPWAP traffic to trusted IP addresses using firewall or ACL rules to reduce exposure. ", "Continuously monitor controller logs for unexpected reloads and other abnormal events. ", "Keep the wireless controller firmware and associated network equipment up to date with the latest security patches."], "summary": {"action": "Immediate Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The flaw affects Cisco IOS\u00a0XE Wireless Controller Software deployed on Catalyst\u00a0CW9800 wireless controllers. No specific software versions are listed in the advisory, so all deployments of this controller family running the vulnerable software are potentially exposed.", "description_and_impact": "A malformed CAPWAP packet can be sent to a Cisco IOS\u00a0XE Wireless Controller (Catalyst\u00a0CW9800 Family) by an unauthenticated remote attacker. The improper parsing of such packets causes the device to reload unexpectedly, resulting in a denial of service. This weakness is categorized as CWE\u2011230, reflecting improper input validation that leads to system destabilization.", "risk_and_exploitability": "The vulnerability is scored CVSS\u20098.6, indicating high severity, and it is not yet listed in the CISA KEV catalog. Because the attack vector is remote and requires no authentication, the likelihood of exploitation is significant in environments where the controller is accessible over a network. The lack of known mitigation steps in the advisory suggests that a vendor patch is the preferred response."}}}}, "created": "2026-03-25T21:30:57.358023+00:00", "title": "Remote Denial of Service via Malformed CAPWAP Packet on Cisco IOS XE Wireless Controller", "updated": "2026-03-25T21:30:57.358077+00:00", "vendors": []}