Cisco’s widely deployed Catalyst 9300 Series enterprise switches have four security vulnerabilities, two of which could be chained to cause a denial-of-service outage, infrastructure security company Opswat has revealed. The two most operationally significant are CVE-2026-20114 and CVE-2026-20110, which the researchers found could be chained to make possible a dangerous privilege escalation. Opswat’s Unit 515 Critical Infrastructure Protection (CIP) Lab discovered them and reported them to Cisco last July. The first weakness was in the Catalyst WebUI Lobby Ambassador account, which exists to allow non-technical staff with no admin privileges to administer guest Wi-Fi access. This turned out ...