Cisco IOS Software and IOS XE Software Release 3E HTTP Server Denial of Service Vulnerability

Status: Monitor
CVSS score: 7.7
Advisory ID: cisco-sa-ios-http-dos-sbv8XRpL
Date: Mar 25, 2026
Vendor: Cisco
Context: IT in OT - Cisco networking products are commonly deployed in OT environments
Attack path
  • Attack Vector: Network
  • Auth Required: Low (a valid user account)
  • Complexity: Low
  • User Interaction: None needed
Summary

A vulnerability in the HTTP Server feature of Cisco IOS Software and Cisco IOS XE Software Release 3E allows an authenticated remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service condition. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending malformed HTTP requests to an affected device. A successful exploit causes a watchdog timer to expire and the device to reload. To exploit this vulnerability, the attacker must have a valid user account. Cisco has released software updates that address this vulnerability.

What this means
What could happen
An attacker with valid credentials could send malformed HTTP requests to cause a router or switch to reload unexpectedly, interrupting all network traffic passing through the device.
Who's at risk
This affects Cisco routers and switches running IOS or IOS XE Software Release 3E with the HTTP server enabled. Organizations relying on these devices for network routing and switching in enterprise, campus, or critical infrastructure networks should prioritize patching.
How it could be exploited
An attacker who holds a valid user account sends a specially crafted HTTP request to the device's HTTP server (TCP port 80 by default). The server does not validate the malformed request correctly; handling it stalls long enough for a watchdog timer to expire, and the device reloads. Every reload takes the device, and all traffic through it, offline until it has finished booting.
Prerequisites
  • Valid user account credentials (local or AAA-authenticated)
  • Network reachability to the device's HTTP server port (default port 80)
  • HTTP server feature must be enabled on the device
Key points
  • Remotely exploitable
  • Requires valid authentication
  • Low complexity attack
  • Affects network availability
  • Can cause extended downtime during device reload
Exploitability
Unlikely to be exploited (EPSS score 0.2%): a low estimated probability of exploitation in the wild. This says nothing about impact; a successful exploit still takes the device down.
Affected products (1)
Product: Cisco IOS Software and IOS XE Software Release 3E HTTP Server
Affected versions: 12.2(25)EZ through 3.9.2bE
Fix status: Fix available
Remediation & Mitigation
Do now
  • WORKAROUND: Disable the HTTP server feature if it is not required for management operations. Check first what depends on it; in OT environments some management tools rely on the device web interface.
  • HARDENING: Restrict HTTP access to the management interface with an access control list (ACL) that permits only authorized management stations. This reduces exposure rather than removing it: the attacker is an authenticated user, so a permitted station with valid credentials can still trigger the reload. Patch as soon as the maintenance window allows.
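The two "Do now" items as they would be typed on an IOS / IOS XE device, with a check before and after. This is an added configuration example, not taken from the Cisco advisory or from this page; the management subnet 10.10.10.0/24 and the ACL number 10 are placeholders to replace with your own values, and the "show" output lines shown in comments are the typical fields of that command, not captured from an affected device.

```cisco
! --- 1. Check the current state. HTTP server enabled with access class 0 (no ACL) = exposed ---
show ip http server status
! Typical fields to look at:
!   HTTP server status: Enabled
!   HTTP server port: 80
!   HTTP server access class: 0        <- 0 means no ACL is bound to the server
!   HTTP secure server status: ...
show running-config | include ip http

! --- 2a. WORKAROUND: disable the HTTP server when web management is not needed ---
configure terminal
 no ip http server
 ! Drop the HTTPS listener as well if nothing uses the web interface at all
 no ip http secure-server
end
write memory

! --- 2b. HARDENING: keep web management, but only from management stations ---
configure terminal
 ! Standard ACL 10 (placeholder): permit the management subnet, deny and log everything else
 access-list 10 remark Management stations allowed to reach the HTTP(S) server
 access-list 10 permit 10.10.10.0 0.0.0.255
 access-list 10 deny any log
 ! Bind the ACL to the HTTP server process; the access class is enforced by that process,
 ! so it covers both the plain HTTP and the HTTPS listener
 ip http access-class 10
 ! Use HTTPS for the management session itself and drop the cleartext listener
 ip http secure-server
 no ip http server
end
write memory

! --- 3. Verify ---
show ip http server status
! Expect after 2a:  HTTP server status: Disabled   and   HTTP secure server status: Disabled
! Expect after 2b:  HTTP server status: Disabled   and   HTTP server access class: 10
show running-config | include ip http|access-list 10
```

Choose 2a or 2b, not both. After 2b, test from a station outside the permitted subnet that the web interface no longer answers, and watch for the "deny any log" hits, which show who was reaching the server before the ACL. Neither option replaces the software upgrade: an authenticated user on a permitted management station can still send the malformed request.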
Schedule (requires maintenance window)

Patching requires a device reload; plan for the interruption to traffic and to any OT processes that depend on the device.

  • HOTFIX: Upgrade Cisco IOS / IOS XE Software Release 3E to 3.9.2bE or later. The affected-version range above also ends at 3.9.2bE, so confirm the first fixed release for your platform against the fixed-software table in the Cisco advisory before scheduling the upgrade.