Cyber Posture

CVE-2026-20010

High

Published: 25 February 2026

Published
25 February 2026
Modified
15 April 2026
KEV Added
Patch
CVSS Score 7.4 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
EPSS Score 0.0002 5.6th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-20010 is a high-severity Buffer Access with Incorrect Length Value (CWE-805) vulnerability in Cisco NX-OS Software (inferred from references). Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 5.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

Threat & Defense at a Glance

What attackers do: exploitation maps to Application or System Exploitation (T1499.004).
Threat & Defense Details

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
attack.mitre.org →
Why these techniques?

Crafted LLDP packet directly exploits LLDP frame handling flaw (CWE-805) to crash/restart process and trigger device reload, matching Application or System Exploitation sub-technique for DoS.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause the LLDP process to restart, which could cause an affected device to reload unexpectedly. This vulnerability is due…

more

to improper handling of specific fields in an LLDP frame. An attacker could exploit this vulnerability by sending a crafted LLDP packet to an interface of an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition. Note: LLDP is a Layer 2 link protocol. To exploit this vulnerability, an attacker would need to be directly connected to an interface of an affected device, either physically or logically (for example, through a Layer 2 Tunnel configured to transport the LLDP protocol).

Deeper analysisAI

CVE-2026-20010 is a vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco NX-OS Software. The issue arises from improper handling of specific fields in an LLDP frame, which could allow an unauthenticated, adjacent attacker to cause the LLDP process to restart. This may result in an affected device reloading unexpectedly, creating a denial-of-service (DoS) condition. The vulnerability is associated with CWE-805 and has a CVSS v3.1 base score of 7.4 (AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).

An unauthenticated attacker with adjacent network access can exploit this vulnerability by sending a crafted LLDP packet to an interface on an affected device. LLDP operates as a Layer 2 protocol, so the attacker must be directly connected to the target interface, either physically or logically—for example, via a Layer 2 tunnel configured to transport LLDP frames. Successful exploitation causes the device to reload, disrupting network operations.

Mitigation details and affected versions are outlined in the Cisco Security Advisory available at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-n3kn9k_aci_lldp_dos-NdgRrrA3.

Details

CWE(s)
CWE-805

Affected Products

Cisco
NX-OS Software
inferred from references and description; NVD did not file a CPE for this CVE

CVEs Like This One

CVE-2025-20170Shared CWE-805
CVE-2025-20175Shared CWE-805
CVE-2025-20169Shared CWE-805
CVE-2026-20033Shared CWE-805
CVE-2025-63547Shared CWE-805
CVE-2025-20315Shared CWE-805
CVE-2025-20174Shared CWE-805
CVE-2026-1837Shared CWE-805
CVE-2025-23318Shared CWE-805
CVE-2025-23319Shared CWE-805

References