CVE-2026-20051
Logic Error in Cisco Nexus EVPN Causes Layer 2 DoS Loop
Publication date: 2026-02-25
Last updated on: 2026-02-25
Assigner: Cisco Systems, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cisco | nexus_3600 | * |
| cisco | nexus_9500-r | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-457 | The code uses a variable that has not been initialized, leading to unpredictable or unintended results. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-20051 is a vulnerability in the Ethernet VPN (EVPN) Layer 2 ingress packet processing of certain Cisco Nexus 3600 and 9500-R Series switches. It is caused by a logic error when processing specially crafted Layer 2 Ethernet frames.
An unauthenticated attacker who is Layer 2-adjacent to the device can exploit this by sending a stream of crafted Ethernet frames. This triggers a Layer 2 Virtual eXtensible LAN (VxLAN) traffic loop, which oversubscribes the bandwidth on network interfaces.
The resulting traffic loop causes all data plane traffic to be dropped, leading to a denial of service (DoS) condition on the affected network device.
How can this vulnerability impact me?
This vulnerability can cause a denial of service (DoS) condition on affected Cisco Nexus 3600 and 9500-R Series switches with EVPN configured.
By triggering a Layer 2 VxLAN traffic loop, the attacker can oversubscribe network interface bandwidth, causing all data plane traffic to be dropped.
This results in network-wide traffic disruption, potentially impacting availability of network services and connectivity.
Exploitation requires the attacker to be Layer 2-adjacent, and manual intervention is needed to stop the attack by halting the crafted traffic and flapping involved interfaces.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Exploitation of this vulnerability can be suspected if a Layer 2 traffic loop is detected on Cisco Nexus 3600 or 9500-R Series switches with EVPN configured. A Layer 2 loop that oversubscribes interface bandwidth and results in dropped data plane traffic may indicate exploitation.
Cisco advises contacting the Cisco Technical Assistance Center (TAC) for assistance if a Layer 2 loop related to this vulnerability is suspected.
No specific detection commands are provided in the available resources. However, monitoring for unusual Layer 2 traffic loops and interface oversubscription on affected devices is recommended.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation requires manual intervention to stop the crafted traffic causing the Layer 2 loop and to flap all involved network interfaces.
There are no workarounds available; the only full remediation is to upgrade to fixed Cisco NX-OS software releases provided by Cisco.
Cisco strongly advises customers to upgrade to the fixed software versions as soon as possible to fully address the vulnerability.
For additional assistance, contacting the Cisco Technical Assistance Center (TAC) is recommended if a Layer 2 loop related to this vulnerability is suspected.