What is CVE-2026-20084?

A high-severity vulnerability in Cisco IOS XE Software could allow unauthenticated attackers to cause denial of service through BOOTP packet forwarding. Immediate action is needed to mitigate this risk.

What is the severity of CVE-2026-20084?

CVE-2026-20084 has a severity rating of HIGH with a CVSS base score of 8.6.

CVE-2026-20084 | High Vulnerability in Cisco IOS XE Software

A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause BOOTP packets to be forwarded between VLANs, resulting in a denial of service (DoS) condition. This vulnerability is due to improper handling of BOOTP packets on Cisco Catalyst 9000 Series Switches. An attacker could exploit this vulnerability by sending BOOTP request packets to an affected device. A successful exploit could allow an attacker to forward BOOTP packets from one VLAN to another, resulting in BOOTP VLAN leakage and potentially leading to high CPU utilization. This makes the device unreachable (either through console or remote management) and unable to forward traffic, resulting in a DoS condition. Note: This vulnerability can be exploited with either unicast or broadcast BOOTP packets. There are workarounds that address this vulnerability.

The CVSS score assigned to this vulnerability is 8.6, indicating a high severity level. This score indicates that the vulnerability is easily exploitable over the network with low attack complexity and requires no privileges or user interaction for successful exploitation. The availability impact is rated high, which means it can severely affect system operations and service availability.

Risk to organizations includes potential service outages due to denial of service, which could disrupt operations significantly. Given that this vulnerability affects Cisco IOS XE Software, which is widely used in enterprise environments, the potential blast radius is considerable. Organizations should prioritize patching immediately.

As of now, there is no known public exploit confirmed, and the vulnerability is classified as awaiting analysis. However, organizations are advised to implement available workarounds to mitigate the risk until an official patch is released.

In light of the potential for exploitation, organizations should remain vigilant and monitor for any updates or advisories related to this vulnerability from Cisco.

Vulnerability Details

The CVSS score for this vulnerability is 8.6, which indicates high severity. The vulnerability can affect availability and is classified under CWE-400, which refers to the improper resource management.

Technical Analysis

The root cause of the vulnerability lies in the mishandling of BOOTP packets, which allows attackers to exploit the DHCP snooping feature and cause a denial of service condition. The attack vector is network-based, requiring low complexity to execute, and no privileges are required to initiate the attack. User interaction is also not required for exploitation.

Risk & Impact Analysis

Real-world deployment risk is significant due to the widespread use of Cisco IOS XE Software in enterprise environments. The potential impact includes service outages and operational disruptions. Organizations should assess their exposure and prioritize addressing this vulnerability in their patch management processes.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

All versions prior to vendor patch

Mitigation & Remediation

Organizations should prioritize patching immediately. If a patch is not yet available, organizations should implement the workarounds provided by Cisco to mitigate the risk of exploitation. Additional security measures, such as network segmentation and monitoring, can also help reduce exposure.

Detection Guidance

Monitoring logs for unusual BOOTP packet activity and high CPU utilization can help in detecting potential exploitation attempts. Organizations should also look for behavioral anomalies that deviate from normal operations.

AppSecure Threat Intelligence Insight

The long-term significance of this vulnerability lies in its potential to disrupt critical network services. Organizations should consider this vulnerability a strategic risk and incorporate it into their overall security posture. Regular reviews of network configurations and ongoing security awareness training for personnel can help mitigate similar vulnerabilities in the future.

For further insights and guidance on security measures, organizations can refer to our penetration testing methodology and other security resources.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2026-20084: High Vulnerability in Cisco IOS XE Software