HOMEVULNERABILITIESCVE-2026-20104
MEDIUM

CVE-2026-20104

CWE-124Published: March 25, 2026· Updated: Mar 26, 2026

6.1
CVSS v3.1
EPSS:0.03%probability of exploitation in 30 daysPercentile:9.3th

Official Description

A vulnerability in the bootloader of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches, Cisco Catalyst ESS9300 Embedded Series Switches, Cisco Catalyst IE9310 and IE9320 Rugged Series Switches, and Cisco IE3500 and IE3505 Rugged Series Switches could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to an affected device to execute arbitrary code at boot time and break the chain of trust.

This vulnerability is due to insufficient validation of software at boot time. An attacker could exploit this vulnerability by manipulating the loaded binaries on an affected device to bypass some of the integrity checks that are performed during the boot process. A successful exploit could allow the attacker to execute code that bypasses the requirement to run Cisco-signed images.

Cisco has assigned this security advisory a Security Impact Rating (SIR) of High rather than Medium as the score indicates because this vulnerability allows an attacker to bypass a major security feature of a device.

NVD Source

Technical Analysis

CVE-2026-20104 requires local access, meaning attackers must already have a foothold on the target system.

The vulnerability requires no privileges and no user interaction, making it a prime target for automated exploitation campaigns and worm-like propagation.

A successful exploit results in complete confidentiality breach (data exposure), full integrity compromise (data manipulation), with a CVSS base score of 6.1.

CVSS v3.1 Vector Breakdown

Exploitability
Attack VectorPhysical
Attack ComplexityLow
Privileges Req.None
User InteractionNone
ScopeUnchanged
Impact
ConfidentialityHigh
IntegrityHigh
AvailabilityNone
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Vendors & Products

Mentioned vendors (from description):
Cisco
CPE data not yet available in NVD for this CVE.

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

All References (1)

Quick Facts

CVE IDCVE-2026-20104
CVSS Score6.1 / 10
SeverityMEDIUM
WeaknessCWE-124
CISA KEVNo
EPSS (30d)0.03%
PublishedMar 25, 2026

Related CVEs (CWE-124)

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-20104 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.