LLDP Vulnerability in Cisco NX-OS Software
CVE-2026-20010

7.4HIGH

Key Information:

Vendor: Cisco
Status: Cisco Nx-os Software; Cisco Nx-os System Software In Aci Mode; Cisco Unified Computing System (managed)
Vendor: CVE Published:; 25 February 2026

Badges

👾 Exploit Exists

What is CVE-2026-20010?

A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco NX-OS Software enables unauthenticated, adjacent attackers to disrupt network operations by causing the LLDP process to restart. This is a result of improper handling of specific fields within LLDP frames. An attacker could exploit this issue by sending specially crafted LLDP packets to a targeted device's interface. If successful, this would lead to an unexpected device reload, creating a denial of service condition. To exploit this vulnerability, attackers must be connected directly to the affected device's interface, either physically or through a Layer 2 Tunnel. Proper security measures and device configuration are critical to mitigating this risk.

Affected Version(s)

Cisco NX-OS Software 10.3(1)

Cisco NX-OS Software 10.3(2)

Cisco NX-OS Software 10.3(3)

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Feb 25, 2026
Vulnerability published
Feb 25, 2026
Vulnerability Reserved
Oct 8, 2025

CVE-2026-20010 Data

JSON