What is the CVSS score of CVE-2026-20185?

CVE-2026-20185 has a CVSS 3.1 base score of 7.7 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H. EPSS exploitation probability: 0.2%.

Which versions of Cisco SG350/SG350X are affected by CVE-2026-20185?

Cisco SG350 and SG350X switches are vulnerable to remote denial-of-service attacks via authenticated SNMP requests, allowing attackers with valid SNMP credentials to force device reloads and disrupt…

Cisco SG350/SG350X CVE-2026-20185

EUVD-2026-27857 HIGH

Heap-based Buffer Overflow (CWE-122)

2026-05-06 cisco

Buffer Overflow Denial Of Service Heap Overflow Cisco

7.7

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

May 06, 2026 - 17:31 vuln.today

DescriptionNVD

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco 350 Series Managed Switches (SG350) and Cisco 350X Series Stackable Managed Switches (SG350X) firmware could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. 

This vulnerability is due to improper error handling when parsing response data for a specific SNMP request. An attacker could exploit this vulnerability by sending a specific SNMP request to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition. This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMPv2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMPv3, the attacker must have valid SNMP user credentials for the affected system.

AnalysisAI

Cisco SG350 and SG350X managed switches can be remotely crashed via crafted SNMP requests, forcing unexpected device reloads. Authenticated attackers with valid SNMP credentials (read-only or read-write community strings for SNMPv1/v2c, or user credentials for SNMPv3) can trigger a heap-based buffer overflow in SNMP response parsing. …

RemediationAI

Within 24 hours: Identify all SG350/SG350X switches in your environment and document SNMP configurations; disable SNMP if not operationally required, or restrict SNMP access to trusted management networks only via ACLs. Within 7 days: Audit SNMP community strings (v1/v2c) and user credentials (v3) to ensure they are strong and rotated; implement network segmentation to prevent untrusted hosts from reaching SNMP ports (UDP 161). …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-20185 vulnerability details – vuln.today

Back

Cisco SG350/SG350X CVE-2026-20185

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code