Denial of Service Vulnerability in Cisco 350 Series Switches
CVE-2026-20185

7.7HIGH

Key Information:

Vendor: Cisco
Status: Cisco Small Business Smart And Managed Switches
Vendor: CVE Published:; 6 May 2026

Badges

👾 Exploit Exists

What is CVE-2026-20185?

A vulnerability exists in the Simple Network Management Protocol (SNMP) subsystem of Cisco 350 Series Managed Switches and Cisco 350X Series Stackable Managed Switches. This flaw arises from improper error handling during the parsing of response data for specific SNMP requests. An authenticated, remote attacker can exploit this vulnerability by sending carefully crafted SNMP requests, which may lead to the device reloading unexpectedly, effectively causing a denial of service (DoS) condition. The vulnerability affects SNMP versions 1, 2c, and 3, with different exploitation requirements depending on the SNMP version used.

Affected Version(s)

Cisco Small Business Smart and Managed Switches 2.5.9.54

Cisco Small Business Smart and Managed Switches 2.5.9.55

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

7.7

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
May 6, 2026
Vulnerability published
May 6, 2026
Vulnerability Reserved
Oct 8, 2025

CVE-2026-20185 Data

JSON