VDB

CVE-2026-20048

CVE-2026-20048 PUBLISHED CVSS 7.699999809265137 HIGH

A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause the LLDP process to restart, which could cause an affected device to reload unexpectedly. This vulnerability is due to improper handling of specific fields in an LLDP frame. An attacker could exploit this vulnerability by sending a crafted LLDP packet to an interface of an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition. Note: LLDP is a Layer 2 link protocol. To exploit this vulnerability, an attacker would need to be directly connected to an interface of an affected device, either physically or logically (for example, through a Layer 2 Tunnel configured to transport the LLDP protocol).

EPSS 0.26% · 49.7th percentile

Risk Scores

CVSS 3.1
7.699999809265137
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
EPSS Score
0.26%
49.7th percentile

Affected Products

VendorProductVersions
CiscoCisco NX-OS System Software in ACI Mode16.0(9c), 15.2(2e), 15.2(2g)
CiscoCisco NX-OS Software*, 10.4(1), 10.3(3w)
CiscoCisco Unified Computing System (Managed)4.3(6b), 4.3(4c), 4.3(4f)

Exploit Intelligence

Timeline

  • Oct 8, 2025 CVE ID Reserved
  • Feb 25, 2026 CVE Published
  • Feb 25, 2026 PoC Published
  • Feb 25, 2026 PoC Published
  • Feb 25, 2026 PoC Published
  • Feb 25, 2026 PoC Published
  • Feb 25, 2026 CVE Updated
  • Feb 26, 2026 EPSS Score
  • Feb 26, 2026 PoC Published
  • Feb 26, 2026 PoC Published
  • Feb 27, 2026 EPSS Score
  • Mar 1, 2026 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›