PT-2026-42190 · Cisco · Nexus 3000 Series Switches+1

Published: 2026-05-20 · Updated: 2026-05-23 · CVE-2026-20171

CVSS v3.1: 6.8 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Cisco Nexus 3000 Series Switches versions prior to 10.6(1s)
Cisco Nexus 9000 Series Switches versions prior to 10.6(1s)

Description

A flaw in the Border Gateway Protocol (BGP) enforce-first-as feature of Cisco Nexus 3000 and 9000 Series Switches in standalone NX-OS mode allows an unauthenticated remote attacker to cause a denial of service (DoS) condition. The issue stems from incorrect parsing of a transitive BGP attribute. An attacker can exploit this by sending a crafted BGP update via an established BGP peer session. If the update reaches an affected device, the device may drop its BGP session with the peer that forwarded the update, resulting in BGP peer flaps.

Recommendations

Update to version 10.6(1s) or later.

Related Identifiers

BDU:2026-07293
CVE-2026-20171

Affected Products

Nexus 3000 Series Switches
Nexus 9000 Series Switches