๐Ÿ” CVE Alert

CVE-2026-20114

MEDIUM 5.4
CVSS Score
5.4
EPSS Score
0.0%
EPSS Percentile
0th

A vulnerability in the Lobby Ambassador web-based management API of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate their privileges and access management APIs that would not normally be available for Lobby Ambassador users. This vulnerability exists because parameters that are received by an API endpoint are not sufficiently validated. An attacker could exploit this vulnerability by authenticating as a Lobby Ambassador user and sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to create a new user with privilege level 1 access to the web-based management API. The attacker would then be able to access the device with these new credentials and privileges.

CWE CWE-1286
Vendor cisco
Product cisco ios xe software
Ecosystems
Industries
NetworkingTelecommunications
Published Mar 25, 2026
Last Updated Mar 25, 2026
Stay Ahead of the Next One

Get instant alerts for cisco cisco ios xe software

Be the first to know when new medium vulnerabilities affecting cisco cisco ios xe software are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Affected Versions

Cisco / Cisco IOS XE Software
16.11.1 16.11.1a 16.11.1b 16.11.2 16.11.1s 16.12.1 16.12.1s 16.12.1a 16.12.1c 16.12.1w 16.12.2 16.12.1y 16.12.2a 16.12.3 16.12.8 16.12.2s 16.12.1x 16.12.1t 16.12.4 16.12.3s 16.12.3a 16.12.4a 16.12.5 16.12.6 16.12.1z1 16.12.5a 16.12.5b 16.12.1z2 16.12.6a 16.12.7 16.12.9 16.12.10 16.12.10a 16.12.11 16.12.12 16.12.13 16.12.14 17.1.1 17.1.1a 17.1.1s 17.1.1t 17.1.3 17.2.1 17.2.1r 17.2.1a 17.2.1v 17.2.2 17.2.3 17.3.1 17.3.2 17.3.3 17.3.1a 17.3.1w 17.3.2a 17.3.1x 17.3.1z 17.3.4 17.3.5 17.3.4a 17.3.6 17.3.4b 17.3.4c 17.3.5a 17.3.5b 17.3.7 17.3.8 17.3.8a 17.4.1 17.4.2 17.4.1a 17.4.1b 17.4.2a 17.5.1 17.5.1a 17.6.1 17.6.2 17.6.1w 17.6.1a 17.6.1x 17.6.3 17.6.1y 17.6.1z 17.6.3a 17.6.4 17.6.1z1 17.6.5 17.6.6 17.6.6a 17.6.5a 17.6.7 17.6.8 17.6.8a 17.7.1 17.7.1a 17.7.1b 17.7.2 17.10.1 17.10.1a 17.10.1b 17.8.1 17.8.1a 17.9.1 17.9.1w 17.9.2 17.9.1a 17.9.1x 17.9.1y 17.9.3 17.9.2a 17.9.1x1 17.9.3a 17.9.4 17.9.1y1 17.9.5 17.9.4a 17.9.5a 17.9.5b 17.9.6 17.9.6a 17.9.7 17.9.5e 17.9.5f 17.9.8 17.9.7a 17.9.7b 17.11.1 17.11.1a 17.12.1 17.12.1w 17.12.1a 17.12.1x 17.12.2 17.12.3 17.12.2a 17.12.1y 17.12.1z 17.12.4 17.12.3a 17.12.1z1 17.12.1z2 17.12.4a 17.12.5 17.12.4b 17.12.1z3 17.12.5a 17.12.1z4 17.12.5b 17.12.5c 17.12.5d 17.13.1 17.13.1a 17.14.1 17.14.1a 17.15.1 17.15.1w 17.15.1a 17.15.2 17.15.1b 17.15.1x 17.15.1z 17.15.3 17.15.2c 17.15.2a 17.15.1y 17.15.2b 17.15.3a 17.15.4 17.15.3b 17.15.4d 17.15.4e 17.16.1 17.16.1a 17.17.1 17.18.1 17.18.1w 17.18.1a

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
sec.cloudapps.cisco.com: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-lobby-privesc-KwxBqJy