{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-20051","assignerOrgId":"d1c1063e-7a18-46af-9102-31f8928bc633","state":"PUBLISHED","assignerShortName":"cisco","dateReserved":"2025-10-08T11:59:15.355Z","datePublished":"2026-02-25T16:14:33.859Z","dateUpdated":"2026-02-25T19:05:49.650Z"},"containers":{"cna":{"title":"Cisco Nexus 3600-R and 9500-R Series Switching Platforms Layer 2 Loop Denial of Service Vulnerability","metrics":[{"format":"cvssV3_1","cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"}}],"descriptions":[{"lang":"en","value":"A vulnerability with the Ethernet VPN (EVPN) Layer 2 ingress packet processing of Cisco Nexus 3600 Platform Switches and Cisco Nexus 9500-R Series Switching Platforms could allow an unauthenticated, adjacent attacker to trigger a Layer 2 traffic loop.\r\n\r\nThis vulnerability is due to a logic error when processing a crafted Layer 2 ingress frame. An attacker could exploit this vulnerability by sending a stream of crafted Ethernet frames through the targeted device. A successful exploit could allow the attacker to cause a Layer 2 Virtual eXtensible LAN (VxLAN) traffic loop, which, in turn, could result in a denial of service (DoS) condition. This Layer 2 loop could oversubscribe the bandwidth on network interfaces, which would result in all data plane traffic being dropped. To exploit this vulnerability, the attacker must be Layer 2-adjacent to the affected device.\r\nNote: To stop active exploitation of this vulnerability, manual intervention is required to both stop the crafted traffic and flap all involved network interfaces. For additional assistance if a Layer 2 loop that is related to this vulnerability is suspected, contact the Cisco Technical Assistance Center (TAC) or the proper support provider. "}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ether-dos-Kv8YNWZ4","name":"cisco-sa-nxos-ether-dos-Kv8YNWZ4"}],"exploits":[{"lang":"en","value":"The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}],"source":{"advisory":"cisco-sa-nxos-ether-dos-Kv8YNWZ4","discovery":"EXTERNAL","defects":["CSCwo94451"]},"problemTypes":[{"descriptions":[{"lang":"en","description":"Use of Uninitialized Variable","type":"cwe","cweId":"CWE-457"}]}],"affected":[{"vendor":"Cisco","product":"Cisco NX-OS Software","versions":[{"version":"9.2(3)","status":"affected"},{"version":"9.2(2v)","status":"affected"},{"version":"9.2(1)","status":"affected"},{"version":"9.2(2t)","status":"affected"},{"version":"9.2(3y)","status":"affected"},{"version":"9.3(2)","status":"affected"},{"version":"9.2(4)","status":"affected"},{"version":"9.3(1)","status":"affected"},{"version":"9.3(1z)","status":"affected"},{"version":"9.2(2)","status":"affected"},{"version":"9.3(3)","status":"affected"},{"version":"9.3(4)","status":"affected"},{"version":"9.3(5)","status":"affected"},{"version":"9.3(6)","status":"affected"},{"version":"9.3(5w)","status":"affected"},{"version":"9.3(7)","status":"affected"},{"version":"9.3(7k)","status":"affected"},{"version":"10.2(1)","status":"affected"},{"version":"9.3(7a)","status":"affected"},{"version":"9.3(8)","status":"affected"},{"version":"10.2(1q)","status":"affected"},{"version":"10.2(2)","status":"affected"},{"version":"9.3(9)","status":"affected"},{"version":"10.2(3)","status":"affected"},{"version":"10.2(3t)","status":"affected"},{"version":"9.3(10)","status":"affected"},{"version":"10.2(2a)","status":"affected"},{"version":"10.3(1)","status":"affected"},{"version":"10.2(4)","status":"affected"},{"version":"10.3(2)","status":"affected"},{"version":"9.3(11)","status":"affected"},{"version":"10.3(3)","status":"affected"},{"version":"10.2(5)","status":"affected"},{"version":"9.3(12)","status":"affected"},{"version":"10.2(3v)","status":"affected"},{"version":"10.4(1)","status":"affected"},{"version":"10.2(6)","status":"affected"},{"version":"10.3(3w)","status":"affected"},{"version":"10.3(3o)","status":"affected"},{"version":"10.3(4)","status":"affected"},{"version":"10.3(3p)","status":"affected"},{"version":"10.3(4a)","status":"affected"},{"version":"10.4(2)","status":"affected"},{"version":"10.3(3q)","status":"affected"},{"version":"9.3(13)","status":"affected"},{"version":"10.3(5)","status":"affected"},{"version":"10.2(7)","status":"affected"},{"version":"10.4(3)","status":"affected"},{"version":"10.3(3x)","status":"affected"},{"version":"10.3(4g)","status":"affected"},{"version":"10.5(1)","status":"affected"},{"version":"10.2(8)","status":"affected"},{"version":"10.3(3r)","status":"affected"},{"version":"10.3(6)","status":"affected"},{"version":"9.3(14)","status":"affected"},{"version":"10.4(4)","status":"affected"},{"version":"10.3(4h)","status":"affected"},{"version":"10.5(2)","status":"affected"},{"version":"10.3(7)","status":"affected"},{"version":"10.4(5)","status":"affected"},{"version":"10.5(3)","status":"affected"},{"version":"10.2(9)","status":"affected"},{"version":"9.3(15)","status":"affected"},{"version":"10.4(4g)","status":"affected"},{"version":"10.5(4)","status":"affected"},{"version":"10.6(1)","status":"affected"},{"version":"10.5(3t)","status":"affected"},{"version":"10.3(8)","status":"affected"},{"version":"10.4(6)","status":"affected"},{"version":"10.5(3s)","status":"affected"},{"version":"10.5(3e)","status":"affected"},{"version":"10.5(3o)","status":"affected"},{"version":"9.3(16)","status":"affected"},{"version":"10.6(1s)","status":"affected"},{"version":"10.5(3p)","status":"affected"}],"defaultStatus":"unknown"}],"providerMetadata":{"orgId":"d1c1063e-7a18-46af-9102-31f8928bc633","shortName":"cisco","dateUpdated":"2026-02-25T16:14:33.859Z"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2026-20051","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2026-02-25T18:18:59.463626Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-02-25T19:05:49.650Z"}}]}}