CVE-2026-20051
Cisco Nexus 3600-R and 9500-R Series Switching Platforms Layer 2 Loop Denial of Service Vulnerability
A vulnerability with the Ethernet VPN (EVPN) Layer 2 ingress packet processing of Cisco Nexus 3600 Platform Switches and Cisco Nexus 9500-R Series Switching Platforms could allow an unauthenticated, adjacent attacker to trigger a Layer 2 traffic loop. This vulnerability is due to a logic error when processing a crafted Layer 2 ingress frame. An attacker could exploit this vulnerability by sending a stream of crafted Ethernet frames through the targeted device. A successful exploit could allow the attacker to cause a Layer 2 Virtual eXtensible LAN (VxLAN) traffic loop, which, in turn, could result in a denial of service (DoS) condition. This Layer 2 loop could oversubscribe the bandwidth on network interfaces, which would result in all data plane traffic being dropped. To exploit this vulnerability, the attacker must be Layer 2-adjacent to the affected device. Note: To stop active exploitation of this vulnerability, manual intervention is required to both stop the crafted traffic and flap all involved network interfaces. For additional assistance if a Layer 2 loop that is related to this vulnerability is suspected, contact the Cisco Technical Assistance Center (TAC) or the proper support provider.
| CWE | CWE-457 |
| Vendor | cisco |
| Product | cisco nx-os software |
| Ecosystems | |
| Industries | NetworkingTelecommunications |
| Published | Feb 25, 2026 |
| Last Updated | Feb 25, 2026 |
Get instant alerts for cisco cisco nx-os software
Be the first to know when new high vulnerabilities affecting cisco cisco nx-os software are published โ delivered to Slack, Telegram or Discord.
CVSS v3 Breakdown
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H