Cyber Resilience

CVE-2026-20033

High

Published: 25 February 2026

Published
25 February 2026
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 7.4 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
EPSS Score 0.0002 6.0th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-20033 is a high-severity Buffer Access with Incorrect Length Value (CWE-805) vulnerability in Cisco Nexus (inferred from references). Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 6.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SC-7 (Boundary Protection).

Deeper analysis

CVE-2026-20033 is a vulnerability affecting Cisco Nexus 9000 Series Fabric Switches operating in ACI mode. The issue arises from insufficient validation when processing specific Ethernet frames on the out-of-band (OOB) management interface, which could allow an unauthenticated adjacent attacker to trigger a denial of service (DoS) condition. Published on 2026-02-25, it carries a CVSS v3.1 base score of 7.4 (AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H) and maps to CWE-805.

An adjacent attacker can exploit this vulnerability by sending a crafted Ethernet frame to the OOB management interface of an affected device. Successful exploitation causes the device to reload unexpectedly, leading to a DoS condition. Only the OOB management interface is impacted.

The Cisco Security Advisory provides details on mitigation and patches: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cpdos-qLsv6pFD.

EU & UK References

Vulnerability details

A vulnerability in Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation when processing specific…

more

Ethernet frames. An attacker could exploit this vulnerability by sending a crafted Ethernet frame to the management interface of an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition. Note: Only the out-of-band (OOB) management interface is affected.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Vulnerability enables unauthenticated adjacent attackers to send crafted frames triggering device reload/crash, directly mapping to endpoint DoS via system exploitation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-20175Shared CWE-805
CVE-2025-20169Shared CWE-805
CVE-2025-20174Shared CWE-805
CVE-2025-20170Shared CWE-805
CVE-2025-63547Shared CWE-805
CVE-2025-20315Shared CWE-805
CVE-2026-20010Shared CWE-805
CVE-2026-1837Shared CWE-805
CVE-2025-23318Shared CWE-805
CVE-2025-23319Shared CWE-805

Affected Assets

Cisco
Nexus
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires validation of information inputs, addressing the root cause of insufficient Ethernet frame validation on the OOB interface.

prevent

Enforces boundary protections that can restrict or filter traffic to the OOB management interface from adjacent attackers.

prevent

Implements denial-of-service protection mechanisms to prevent crafted frames from triggering device reloads.

References