Opswat also found two other Catalyst 9300 vulnerabilities: CVE-2026-20112 (cross-site scripting) and CVE-2026-20113 (CRLF injection). These relate to the IOS XE IOx integration environment, which allows cloud edge computing options on Catalyst switches.
The first of these, CVE-2026-20112, could be exploited by an “authenticated user [who] may store malicious JavaScript payloads that may later execute within the context of another user’s session,” said Opswat in its full vulnerability analysis.
The second, CVE-2026-20113, would allow an attacker to cover their tracks for any exploit on IOS XE IOx: “By injecting crafted control characters, an attacker can forge or manipulate log entries, probably obscuring malicious activity and compromising the integrity of audit data,” said Opswat, adding that this weakens the reliability of logging mechanisms vital for monitoring, incident response, and forensic analysis.
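To show why control characters in a logged field undermine audit integrity, and how a log writer can neutralise them, here is an added example; it is not Opswat's or Cisco's code and does not reflect how IOS XE IOx writes its logs. The function names, the log line layout and the sample values are all assumptions constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Characters that can end or rewrite a log line: C0 controls, DEL, C1 controls
# (includes NEL, U+0085) and the Unicode line/paragraph separators.
_UNSAFE = re.compile(r"[\x00-\x1f\x7f-\x9f\u2028\u2029]")

FIXED_TS = datetime(2026, 1, 1, 12, 0, 0, tzinfo=timezone.utc)  # constructed


def format_naive(user: str, action: str, ts: datetime = FIXED_TS) -> str:
    """Weak form: caller-supplied fields are written verbatim."""
    return f"{ts.isoformat()} user={user} action={action}\n"


def neutralise(value: str) -> str:
    """Escape backslashes first, then render unsafe characters visibly."""
    value = value.replace("\\", "\\\\")
    return _UNSAFE.sub(lambda m: f"\\u{ord(m.group()):04x}", value)


def format_hardened(user: str, action: str, ts: datetime = FIXED_TS) -> str:
    """Hardened form: one call always yields exactly one physical line."""
    return f"{ts.isoformat()} user={neutralise(user)} action={neutralise(action)}\n"


def records(log_text: str) -> list[str]:
    """Split the way a line-oriented log reader or shipper would."""
    return [line for line in log_text.splitlines() if line]


# Constructed sample: a field value carrying CR/LF followed by a fake entry.
SAMPLE_ACTION = "upload app.tar\r\n2026-01-01T12:00:01+00:00 user=admin action=logout"

if __name__ == "__main__":
    for name, fmt in (("naive", format_naive), ("hardened", format_hardened)):
        out = records(fmt("alice", SAMPLE_ACTION))
        print(f"{name}: {len(out)} record(s)")
        for line in out:
            print("   ", line)
```

Escaping the backslash before the control characters keeps the encoding unambiguous, so a reviewer can tell a literal `\u000a` typed by a user from a newline that was neutralised.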



