Description
A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

This vulnerability is due to improper processing when parsing SNMP requests. An attacker could exploit this vulnerability by continuously sending SNMP queries to a specific MIB of an affected device. A successful exploit could allow the attacker to cause a kernel panic on the device, resulting in a reload and a DoS condition.
Note: This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMPv1 or SNMPv2c, the attacker must have a valid read-only SNMP community string for the affected system. To exploit this vulnerability through SNMPv3, the attacker must have valid SNMP user credentials for the affected system.
Published: 2026-02-25
Score: 7.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Immediate Patch
AI Analysis

Impact

The identified flaw resides in the SNMP subsystem of Cisco Nexus 9000 Series Fabric Switches operating in ACI mode. Improper parsing of SNMP requests allows an authenticated remote attacker, using a valid SNMP read‑only community string for SNMPv1/v2c or a valid SNMPv3 credential, to continuously bombard the device with requests to a specific MIB. Sustained traffic can force the kernel to panic, triggering a device reload and producing a denial‑of‑service condition. The weakness is classified as out‑of‑bounds processing (CWE‑789).

Affected Systems

Cisco NX-OS System Software in ACI mode running on Nexus 9000 Series Fabric Switches is affected. Version information is not provided in the advisory, so the specific firmware releases impacted are unknown.

Risk and Exploitability

The CVSS score of 7.7 indicates a moderate to high severity. The EPSS value of less than 1% means that, although the flaw exists, it is currently considered unlikely to be exploited in the wild. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires authenticated access to SNMP, which is commonly available in many networks, making the potential impact significant if mitigations are absent.

Generated by OpenCVE AI on April 18, 2026 at 10:40 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Cisco NX‑OS software update released in the official advisory
  • If SNMP is not required, disable the SNMP service on the switches
  • Limit SNMP community strings or user credentials to a trusted network segment and enforce least privilege

Generated by OpenCVE AI on April 18, 2026 at 10:40 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 26 Feb 2026 13:30:00 +0000

Type Values Removed Values Added
First Time appeared Cisco
Cisco cisco Nx-os System Software In Aci Mode
Vendors & Products Cisco
Cisco cisco Nx-os System Software In Aci Mode

Wed, 25 Feb 2026 17:15:00 +0000

Type Values Removed Values Added
Description A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper processing when parsing SNMP requests. An attacker could exploit this vulnerability by continuously sending SNMP queries&nbsp;to a specific MIB of an affected device. A successful exploit could allow the attacker to cause a kernel panic on the device, resulting in a reload and a&nbsp;DoS condition. Note: This vulnerability affects SNMP versions 1, 2c, and 3. To exploit&nbsp;this vulnerability through SNMPv1 or&nbsp;SNMPv2c, the attacker must have a valid read-only SNMP community string for the affected system. To exploit this vulnerability through SNMPv3, the attacker must have valid SNMP user credentials for the affected system.
Title Cisco NX-OS Software SNMP Denial of Service Vulnerability
Weaknesses CWE-789
References
Metrics cvssV3_1

{'score': 7.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H'}

Subscriptions

Cisco Cisco Nx-os System Software In Aci Mode
cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2026-02-25T19:05:48.366Z

Reserved: 2025-10-08T11:59:15.355Z

Link: CVE-2026-20048

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2026-02-25T17:25:25.620

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-20048

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T10:45:43Z

Weaknesses