Is Cisco affected by EUVD-2026-15431?

Cisco Catalyst 9000 Series Switches are vulnerable to a denial-of-service attack that could render network infrastructure unavailable, disrupting business operations across all dependent systems.

EUVD-2026-15431

| CVE-2026-20084 HIGH

2026-03-25 cisco

GHSA-m8vf-g949-jwr2

8.6

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 25, 2026 - 16:16 euvd

EUVD-2026-15431

Analysis Generated

Mar 25, 2026 - 16:16 vuln.today

CVE Published

Mar 25, 2026 - 16:02 nvd

HIGH 8.6

Description

A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause BOOTP packets to be forwarded between VLANs, resulting in a denial of service (DoS) condition. This vulnerability is due to improper handling of BOOTP packets on Cisco Catalyst 9000 Series Switches. An attacker could exploit this vulnerability by sending BOOTP request packets to an affected device. A successful exploit could allow an attacker to forward BOOTP packets from one VLAN to another, resulting in BOOTP VLAN leakage and potentially leading to high CPU utilization. This makes the device unreachable (either through console or remote management) and unable to forward traffic, resulting in a DoS condition. Note: This vulnerability can be exploited with either unicast or broadcast BOOTP packets. There are workarounds that address this vulnerability.

Analysis

Improper BOOTP packet handling in Cisco IOS XE Software on Catalyst 9000 Series Switches allows unauthenticated remote attackers to trigger VLAN leakage and cause device unavailability through resource exhaustion. An attacker can send crafted BOOTP requests to forward packets across VLANs, leading to high CPU utilization that renders the switch unreachable and unable to process traffic. …

Remediation

Within 24 hours: Inventory all Cisco Catalyst 9000 Series Switches in production and verify current IOS XE versions; enable detailed logging on DHCP snooping events and implement BOOTP rate-limiting at network edge. Within 7 days: Deploy network segmentation to restrict BOOTP packet forwarding across VLANs; disable DHCP snooping on non-essential VLANs if business operations permit; establish baseline CPU utilization metrics for early anomaly detection. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +43

POC: 0

EUVD-2026-15431 vulnerability details – vuln.today

Back

EUVD-2026-15431

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

EUVD-2026-15431

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code