Description
A vulnerability with the Ethernet VPN (EVPN) Layer 2 ingress packet processing of Cisco Nexus 3600 Platform Switches and Cisco Nexus 9500-R Series Switching Platforms could allow an unauthenticated, adjacent attacker to trigger a Layer 2 traffic loop.

This vulnerability is due to a logic error when processing a crafted Layer 2 ingress frame. An attacker could exploit this vulnerability by sending a stream of crafted Ethernet frames through the targeted device. A successful exploit could allow the attacker to cause a Layer 2 Virtual eXtensible LAN (VxLAN) traffic loop, which, in turn, could result in a denial of service (DoS) condition. This Layer 2 loop could oversubscribe the bandwidth on network interfaces, which would result in all data plane traffic being dropped. To exploit this vulnerability, the attacker must be Layer 2-adjacent to the affected device.
Note: To stop active exploitation of this vulnerability, manual intervention is required to both stop the crafted traffic and flap all involved network interfaces. For additional assistance if a Layer 2 loop that is related to this vulnerability is suspected, contact the Cisco Technical Assistance Center (TAC) or the proper support provider. 
Published: 2026-02-25
Score: 7.4 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via a Layer 2 traffic loop
Action: Patch Immediately
AI Analysis

Impact

A logic error in the Ethernet VPN (EVPN) Layer 2 ingress processing of Cisco Nexus 3600 Platform Switches and Cisco Nexus 9500‑R Series Switching Platforms allows an unauthenticated, Layer 2‑adjacent attacker to send a stream of crafted Ethernet frames that triggers a Layer 2 Virtual eXtensible LAN (VxLAN) traffic loop. The loop can oversubscribe network interface bandwidth, causing all data‑plane traffic to be dropped and resulting in a denial of service.

Affected Systems

The vulnerability affects Cisco Nexus 3600 and Cisco Nexus 9500‑R series switches running Cisco NX‑OS Software. No specific OS version range is supplied in the advisory, so any deployed NX‑OS firmware on these platforms should be examined for the fix.

Risk and Exploitability

With a CVSS score of 7.4, the vulnerability is classified as high severity. The EPSS score is below 1%, indicating a low probability of exploitation, and the issue is not listed in the CISA KEV catalog. Although the attack requires direct Layer 2 adjacency, the potential to disrupt all traffic on the device makes it a significant risk for affected networks. Exploitation requires the attacker to transmit crafted Ethernet frames; once a loop is triggered, manual intervention to stop the traffic and flap the interfaces is necessary to restore normal operation.

Generated by OpenCVE AI on April 17, 2026 at 15:09 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Cisco NX‑OS Software patch referenced in Cisco Security Advisory cisco‑sa‑nxos‑ether‑dos‑Kv8YNWZ4
  • Segment the network to eliminate direct Layer 2 adjacency between untrusted hosts and the affected switches
  • Configure storm‑control, traffic policing, or other loop‑protection mechanisms on the impacted interfaces
  • Monitor for sudden increases in broadcast or VxLAN traffic and, if a loop is detected, stop the traffic and reset the interfaces as recommended by Cisco



Advisories

No advisories yet.

History

Thu, 26 Feb 2026 13:30:00 +0000

Type | Values Removed | Values Added
First Time appeared |  | Cisco; Cisco nx-os Software
Vendors & Products |  | Cisco; Cisco nx-os Software

Wed, 25 Feb 2026 16:45:00 +0000

Type | Values Removed | Values Added
Description |  | A vulnerability with the Ethernet VPN (EVPN) Layer 2 ingress packet processing of Cisco Nexus 3600 Platform Switches and Cisco Nexus 9500-R Series Switching Platforms could allow an unauthenticated, adjacent attacker to trigger a Layer 2 traffic loop. This vulnerability is due to a logic error when processing a crafted Layer 2 ingress frame. An attacker could exploit this vulnerability by sending a stream of crafted Ethernet frames through the targeted device. A successful exploit could allow the attacker to cause a Layer 2 Virtual eXtensible LAN (VxLAN) traffic loop, which, in turn, could result in a denial of service (DoS) condition. This Layer 2 loop could oversubscribe the bandwidth on network interfaces, which would result in all data plane traffic being dropped. To exploit this vulnerability, the attacker must be Layer 2-adjacent to the affected device. Note: To stop active exploitation of this vulnerability, manual intervention is required to both stop the crafted traffic and flap all involved network interfaces. For additional assistance if a Layer 2 loop that is related to this vulnerability is suspected, contact the Cisco Technical Assistance Center (TAC) or the proper support provider.
Title |  | Cisco Nexus 3600-R and 9500-R Series Switching Platforms Layer 2 Loop Denial of Service Vulnerability
Weaknesses |  | CWE-457
References |  |
Metrics |  | cvssV3_1: {'score': 7.4, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2026-02-25T19:05:49.650Z

Reserved: 2025-10-08T11:59:15.355Z

Link: CVE-2026-20051

Vulnrichment

No data.

NVD

Status: Deferred

Published: 2026-02-25T17:25:26.487

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-20051

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T15:15:21Z

Weaknesses