Denial of Service Risk in Cisco Nexus Switches Due to BGP Parsing Issue
CVE-2026-20171

6.8 MEDIUM

Key Information:

Vendor: Cisco

CVE Published: 20 May 2026

Badges

👾 Exploit Exists

What is CVE-2026-20171?

A vulnerability exists in the Border Gateway Protocol (BGP) enforce-first-as feature of Cisco Nexus 3000 and 9000 Series Switches running in standalone NX-OS mode. The issue arises from improper parsing of a transitive BGP attribute and could be exploited by an unauthenticated remote attacker. By sending a specially crafted BGP update through an established BGP peer session, the attacker could cause the affected device to drop its BGP session and repeatedly flap with the peer, leading to a significant denial of service (DoS) condition. Addressing this vulnerability is crucial for maintaining the integrity and availability of network operations.

Affected Version(s)

Cisco NX-OS Software 10.2(1)

Cisco NX-OS Software 10.2(1q)

Cisco NX-OS Software 10.2(2)

CVSS V3.1

Score: 6.8
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved