CVE-2026-20051
Published: 25 February 2026
Summary
CVE-2026-20051 is a high-severity Use of Uninitialized Variable (CWE-457) vulnerability in Cisco Nexus (inferred from references). Its CVSS base score is 7.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Network Denial of Service (T1498); ranked at the 15.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
Threat & Defense at a Glance
Threat & Defense Details
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Vulnerability in switch EVPN/VXLAN processing allows adjacent attacker to inject crafted frames that induce a traffic loop, directly enabling Network Denial of Service (T1498) by oversubscribing bandwidth and dropping all data-plane traffic.
NVD Description
A vulnerability with the Ethernet VPN (EVPN) Layer 2 ingress packet processing of Cisco Nexus 3600 Platform Switches and Cisco Nexus 9500-R Series Switching Platforms could allow an unauthenticated, adjacent attacker to trigger a Layer 2 traffic loop. This vulnerability…
more
is due to a logic error when processing a crafted Layer 2 ingress frame. An attacker could exploit this vulnerability by sending a stream of crafted Ethernet frames through the targeted device. A successful exploit could allow the attacker to cause a Layer 2 Virtual eXtensible LAN (VxLAN) traffic loop, which, in turn, could result in a denial of service (DoS) condition. This Layer 2 loop could oversubscribe the bandwidth on network interfaces, which would result in all data plane traffic being dropped. To exploit this vulnerability, the attacker must be Layer 2-adjacent to the affected device. Note: To stop active exploitation of this vulnerability, manual intervention is required to both stop the crafted traffic and flap all involved network interfaces. For additional assistance if a Layer 2 loop that is related to this vulnerability is suspected, contact the Cisco Technical Assistance Center (TAC) or the proper support provider.
Deeper analysisAI
CVE-2026-20051 is a logic error in the Ethernet VPN (EVPN) Layer 2 ingress packet processing of Cisco Nexus 3600 Platform Switches and Cisco Nexus 9500-R Series Switching Platforms. This vulnerability arises when the affected devices process a crafted Layer 2 ingress frame, potentially leading to improper handling of Ethernet VPN traffic.
An unauthenticated, adjacent attacker who is Layer 2-adjacent to the targeted device can exploit this vulnerability by sending a stream of crafted Ethernet frames through the device. Successful exploitation triggers a Layer 2 Virtual eXtensible LAN (VXLAN) traffic loop, resulting in a denial-of-service (DoS) condition. The loop oversubscribes bandwidth on network interfaces, causing all data plane traffic to be dropped. The vulnerability has a CVSS v3.1 base score of 7.4 (AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H) and is associated with CWE-457 (Use of Uninitialized Variable).
The Cisco Security Advisory recommends manual intervention to mitigate active exploitation, including stopping the crafted traffic and flapping all involved network interfaces. For suspected Layer 2 loops related to this issue, organizations should contact the Cisco Technical Assistance Center (TAC) or their support provider. Additional details are available in the advisory at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ether-dos-Kv8YNWZ4.
Details
- CWE(s)