By John E. Dunn
Publication Date: 2026-03-25 16:45:00
Opswat also discovered two other Catalyst 9300 vulnerabilities: CVE-2026-20112 (cross-site scripting) and CVE-2026-20113 (CRLF injection). These relate to the IOS XE IOx integration environment which enables cloud edge computing features on Catalyst switches.
The first of these, CVE-2026-20112, could be exploited by an “authenticated user [who] could store malicious JavaScript payloads that would later execute in the context of another user’s session,” said Opswat in its full vulnerability analysis.
The second, CVE-2026-20113, would allow an attacker to cover their tracks for any exploit on IOS XE IOx: “By injecting crafted control characters, an attacker can forge or manipulate log entries, potentially obscuring malicious activity and compromising the integrity of audit records,” said Opswat, adding that this weakens the reliability of logging mechanisms critical for monitoring, incident response, and forensic analysis.
Patching priority
To make headway,…
