Denial of Service Vulnerability in Cisco Nexus 9000 Series Fabric Switches
CVE-2026-20033

7.4HIGH

Key Information:

Vendor: Cisco
Status: Cisco Nx-os System Software In Aci Mode
Vendor: CVE Published:; 25 February 2026

Badges

👾 Exploit Exists

What is CVE-2026-20033?

A vulnerability exists in the Cisco Nexus 9000 Series Fabric Switches operating in ACI mode that could enable an adjacent attacker to execute a denial of service attack. This issue arises from inadequate validation of certain Ethernet frames processed by the management interface of the device. By sending a specially crafted Ethernet frame, an attacker may force the device to reload unexpectedly, leading to service interruption. This vulnerability specifically affects only the out-of-band management interface, which can be exploited by unauthenticated individuals in proximity to the device.

Affected Version(s)

Cisco NX-OS System Software in ACI Mode 15.2(1g)

Cisco NX-OS System Software in ACI Mode 15.2(2e)

Cisco NX-OS System Software in ACI Mode 15.2(2f)

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Feb 25, 2026
Vulnerability published
Feb 25, 2026
Vulnerability Reserved
Oct 8, 2025

CVE-2026-20033 Data

JSON