Home / Vulnerability Intelligence / CVE-2026-20086

CVE-2026-20086 - Vulnerability Analysis

HighCVSS: 8.6

Last Updated: March 26, 2026

Cisco IOS XE Wireless Controller Software - Denial of Service

Published: March 25, 2026Updated: March 26, 2026Remote Exploitable

Overview

Cisco IOS XE Wireless Controller Software for Catalyst CW9800 Family contains a denial of service vulnerability caused by improper handling of malformed CAPWAP packets, letting unauthenticated remote attackers cause device reloads, exploit requires sending malformed CAPWAP packets.

Severity & Score

Severity: High

CVSS Score: 8.6

EPSS Score: 10.5%(Probability of exploitation in next 30 days)

Impact

Unauthenticated remote attackers can cause device reloads, resulting in denial of service.

Mitigation

Update to the latest available version of Cisco IOS XE Wireless Controller Software for Catalyst CW9800 Family.

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-dos-hnX5KGOm

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 25, 2026

🟠 CVE-2026-20086 - High (8.6) A vulnerability in the processing of Control and Provisioning of Wireless Access Points (CAPWAP) packets of Cisco IOS XE Wireless Controller Software for the Catalyst CW9800 Family could allow an unauthenticated, remote attacker to cause a denial ... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20086/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-20086
Severity: High
CVSS Score: 8.6
Type: denial_of_service
Status: unconfirmed
EPSS: 10.5%
Social Posts: 1

CWE

CWE-230

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

EPSS Score

10.5%Probability of exploitation in the next 30 days