CVE-2026-20086 - Vulnerability Analysis
HighCVSS: 8.6Last Updated: March 25, 2026
Cisco IOS XE Wireless Controller Software - Denial of Service
Published: March 25, 2026Updated: March 25, 2026Remote Exploitable
Overview
Cisco IOS XE Wireless Controller Software for Catalyst CW9800 Family contains a denial of service vulnerability caused by improper handling of malformed CAPWAP packets, letting unauthenticated remote attackers cause device reloads, exploit requires sending malformed CAPWAP packets.
Severity & Score
Severity: High
CVSS Score: 8.6
Impact
Unauthenticated remote attackers can cause device reloads, resulting in denial of service.
Mitigation
Update to the latest available version of Cisco IOS XE Wireless Controller Software for Catalyst CW9800 Family.
Related Resources
Details
- CVE ID
- CVE-2026-20086
- Severity
- High
- CVSS Score
- 8.6
- Type
- denial_of_service
- Status
- new
CWE
- CWE-230
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H