CVE-2026-20051

Name of the Vulnerable Software and Affected Versions Cisco Nexus 3600 Platform Switches (affected versions not specified) Cisco Nexus 9500-R Series Switching Platforms (affected versions not specified)

Description A flaw exists in the Ethernet VPN (EVPN) Layer 2 ingress packet processing of Cisco Nexus devices that could allow a nearby, unauthenticated attacker to create a Layer 2 traffic loop. This is caused by a logic error when processing specially crafted Layer 2 frames. An attacker could send a stream of these frames to cause a Virtual eXtensible LAN (VxLAN) traffic loop, potentially leading to a denial of service (DoS) condition by overwhelming network interface bandwidth and dropping all data plane traffic. The attacker must be on the same Layer 2 network segment as the targeted device to exploit this issue. Manual intervention is required to stop the crafted traffic and reset involved network interfaces.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.