CVE-2026-20051
Received Received - Intake
Logic Error in Cisco Nexus EVPN Causes Layer 2 DoS Loop

Publication date: 2026-02-25

Last updated on: 2026-02-25

Assigner: Cisco Systems, Inc.

Description
A vulnerability with the Ethernet VPN (EVPN) Layer 2 ingress packet processing of Cisco Nexus 3600 Platform Switches and Cisco Nexus 9500-R Series Switching Platforms could allow an unauthenticated, adjacent attacker to trigger a Layer 2 traffic loop. This vulnerability is due to a logic error when processing a crafted Layer 2 ingress frame. An attacker could exploit this vulnerability by sending a stream of crafted Ethernet frames through the targeted device. A successful exploit could allow the attacker to cause a Layer 2 Virtual eXtensible LAN (VxLAN) traffic loop, which, in turn, could result in a denial of service (DoS) condition. This Layer 2 loop could oversubscribe the bandwidth on network interfaces, which would result in all data plane traffic being dropped. To exploit this vulnerability, the attacker must be Layer 2-adjacent to the affected device. Note: To stop active exploitation of this vulnerability, manual intervention is required to both stop the crafted traffic and flap all involved network interfaces. For additional assistance if a Layer 2 loop that is related to this vulnerability is suspected, contact the Cisco Technical Assistance Center (TAC) or the proper support provider. 
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-25
Last Modified
2026-02-25
Generated
2026-06-16
AI Q&A
2026-02-25
EPSS Evaluated
2026-06-15
NVD
CVE-2026-20051
EUVD
EUVD-2026-8669
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
cisco nexus_3600 *
cisco nexus_9500-r *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-457 The code uses a variable that has not been initialized, leading to unpredictable or unintended results.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-20051 is a vulnerability in the Ethernet VPN (EVPN) Layer 2 ingress packet processing of certain Cisco Nexus 3600 and 9500-R Series switches. It is caused by a logic error when processing specially crafted Layer 2 Ethernet frames.

An unauthenticated attacker who is Layer 2-adjacent to the device can exploit this by sending a stream of crafted Ethernet frames. This triggers a Layer 2 Virtual eXtensible LAN (VxLAN) traffic loop, which oversubscribes the bandwidth on network interfaces.

The resulting traffic loop causes all data plane traffic to be dropped, leading to a denial of service (DoS) condition on the affected network device.

Impact Analysis

This vulnerability can cause a denial of service (DoS) condition on affected Cisco Nexus 3600 and 9500-R Series switches with EVPN configured.

By triggering a Layer 2 VxLAN traffic loop, the attacker can oversubscribe network interface bandwidth, causing all data plane traffic to be dropped.

This results in network-wide traffic disruption, potentially impacting availability of network services and connectivity.

Exploitation requires the attacker to be Layer 2-adjacent, and manual intervention is needed to stop the attack by halting the crafted traffic and flapping involved interfaces.

Compliance Impact

I don't know

Detection Guidance

This vulnerability can be suspected if a Layer 2 traffic loop is detected on Cisco Nexus 3600 or 9500-R Series switches with EVPN configured. The presence of a Layer 2 loop causing oversubscription of bandwidth and resulting in dropped data plane traffic may indicate exploitation.

Cisco advises contacting the Cisco Technical Assistance Center (TAC) for assistance if a Layer 2 loop related to this vulnerability is suspected.

No specific detection commands are provided in the available resources. However, monitoring for unusual Layer 2 traffic loops and interface oversubscription on affected devices is recommended.

Mitigation Strategies

Immediate mitigation requires manual intervention to stop the crafted traffic causing the Layer 2 loop and to flap all involved network interfaces.

There are no workarounds available; the only full remediation is to upgrade to fixed Cisco NX-OS software releases provided by Cisco.

Cisco strongly advises customers to upgrade to the fixed software versions as soon as possible to fully address the vulnerability.

For additional assistance, contacting Cisco Technical Assistance Center (TAC) is recommended if a Layer 2 loop related to this vulnerability is suspected.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-20051. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart