Always-Incorrect Control Flow Implementation in Cisco NX-OS - CVE-2026-20171

Published: May 21, 2026


Vulnerability identifier: #VU132081
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-20171
CWE-ID: CWE-670
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco NX-OS

Detailed vulnerability description

The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to incorrect parsing in the Border Gateway Protocol (BGP) enforce-first-as feature when processing a crafted transitive BGP attribute in an established BGP peer session. A remote attacker can send a crafted BGP update to cause a denial of service.

The issue can cause the device to drop the BGP session and flap with the forwarding BGP peer. The affected feature is enabled by default when BGP is configured.

This vulnerability affects Cisco Nexus 3000 and 9000 Series Switches.
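The enforce-first-as check that the description refers to, shown as an added example that is not Cisco's code and does not reproduce the flaw: a small Python parser for the path-attribute field of a BGP UPDATE that bounds-checks every declared attribute length and then applies the first-AS rule, so that a malformed or crafted transitive attribute is reported as a rejected UPDATE rather than escaping the parser. It assumes the attribute layout of RFC 4271 and 4-octet AS numbers (RFC 6793); the sample UPDATE bytes are constructed, not captured.

```python
import struct

# Path-attribute layout from RFC 4271; AS numbers assumed 4 octets (RFC 6793).
FLAG_EXT_LEN = 0x10
AS_PATH = 2                 # attribute type code
AS_SET, AS_SEQUENCE = 1, 2  # AS_PATH segment types
# Constructed sample (not a capture): ORIGIN=IGP, then AS_PATH 65001 65002.
SAMPLE_ATTRS = (b"\x40\x01\x01\x00"
                b"\x40\x02\x0a\x02\x02\x00\x00\xfd\xe9\x00\x00\xfd\xea")

def parse_path_attributes(data):
    """Split an UPDATE's path-attribute field into records, bounds-checking each length."""
    attrs, i = [], 0
    while i < len(data):
        if len(data) - i < 3:
            raise ValueError("truncated attribute header")
        flags, code = data[i], data[i + 1]
        if flags & FLAG_EXT_LEN:  # extended-length bit: 2-byte length field
            if len(data) - i < 4:
                raise ValueError("truncated extended length")
            length, hdr = struct.unpack_from("!H", data, i + 2)[0], 4
        else:
            length, hdr = data[i + 2], 3
        value = data[i + hdr:i + hdr + length]
        if len(value) != length:  # declared length runs past the buffer
            raise ValueError(f"attribute {code}: length {length} exceeds buffer")
        attrs.append({"flags": flags, "code": code, "value": value})
        i += hdr + length
    return attrs

def first_as(as_path):
    """Leftmost AS of an AS_PATH, or None if its first segment is malformed."""
    ok = (len(as_path) >= 2 and as_path[0] in (AS_SET, AS_SEQUENCE)
          and 0 < as_path[1] and len(as_path) >= 2 + 4 * as_path[1])
    return struct.unpack_from("!I", as_path, 2)[0] if ok else None

def enforce_first_as(attrs_bytes, peer_as):
    """Accept an eBGP UPDATE only if its leftmost AS equals the peer AS;
    malformed input yields a rejected UPDATE, never an exception."""
    try:
        attrs = parse_path_attributes(attrs_bytes)
    except ValueError as e:
        return False, f"malformed attributes: {e}"
    for a in attrs:
        if a["code"] == AS_PATH:
            asn = first_as(a["value"])
            if asn is None:
                return False, "AS_PATH unparseable"
            return asn == peer_as, f"first AS {asn}, peer AS {peer_as}"
    return False, "no AS_PATH attribute"
```

The point for a defender is the last function's contract: every failure path returns a verdict for that one UPDATE, which is the behaviour an implementation needs so that one bad attribute cannot take down the session, as the advisory describes happening here.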


How to mitigate CVE-2026-20171

Install the security update from the vendor's website.