CVE-2026-20051 — Vulnetix

CVE-2026-20051 PUBLISHED CVSS 7.400000095367432 HIGH

A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause the LLDP process to restart, which could cause an affected device to reload unexpectedly. This vulnerability is due to improper handling of specific fields in an LLDP frame. An attacker could exploit this vulnerability by sending a crafted LLDP packet to an interface of an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition. Note: LLDP is a Layer 2 link protocol. To exploit this vulnerability, an attacker would need to be directly connected to an interface of an affected device, either physically or logically (for example, through a Layer 2 Tunnel configured to transport the LLDP protocol).

EPSS 0.05% · 15.5th percentile

Risk Scores

CVSS 3.1

7.400000095367432

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

EPSS Score

0.05%

15.5th percentile

Affected Products

Vendor	Product	Versions
Cisco	Cisco NX-OS Software	*, 9.3(16), 10.6(1s)
Cisco	Cisco Unified Computing System (Managed)	4.3(4c), ,
Cisco	Cisco NX-OS System Software in ACI Mode	, , *

Exploit Intelligence

cisco-sa-n3kn9k_aci_lldp_dos-NdgRrrA3 (circl)
CIRCL seen: CVE-2026-20051 (circl-sighting)
CIRCL seen: CVE-2026-20051 (circl-sighting)
CIRCL seen: CVE-2026-20051 (circl-sighting)
cisco-sa-nxos-ether-dos-Kv8YNWZ4 (circl)
CIRCL seen: CVE-2026-20010 (circl-sighting)
CIRCL seen: CVE-2026-20010 (circl-sighting)

Timeline

Oct 8, 2025 CVE ID Reserved
Feb 25, 2026 CVE Published
Feb 25, 2026 PoC Published
Feb 25, 2026 PoC Published
Feb 25, 2026 CVE Updated
Feb 26, 2026 EPSS Score
Feb 26, 2026 PoC Published
Feb 26, 2026 PoC Published
Feb 27, 2026 EPSS Score
Mar 1, 2026 EPSS Score
Mar 2, 2026 EPSS Score
Mar 4, 2026 EPSS Score

References

Open in Interactive Console →