CVE-2026-20185
A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco 350 Series Managed Switches (SG350) and Cisco 350X Series Stackable Managed Switches (SG350X) firmware could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error handling when parsing response data for a specific SNMP request. An attacker could exploit this vulnerability by sending a specific SNMP request to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition. This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMPv2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMPv3, the attacker must have valid SNMP user credentials for the affected system. Cisco has not released and will not release software updates that address this vulnerability because the affected products are past the date for End of Software Maintenance Releases. The Cisco Product Security Incident Response Team (PSIRT) will continue to evaluate and disclose security vulnerabilities that affect these products until the Last Date of Support is reached. There are no workarounds that address this vulnerability. However, there is a mitigation. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg350-snmp-dos-GEFZr2Tj Security Impact Rating: High CVE: CVE-2026-20185
CSIRTS triage
- What
- A vulnerability in the SNMP subsystem could allow an authenticated attacker to cause a denial of service condition.
- Who is affected
- Authenticated users of Cisco SG350 and SG350X Series Managed Switches are affected.
- Urgency
- Remediation is urgent due to the potential for device reloading and service disruption.
- Action
- Apply the latest firmware updates for the affected switches.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch CVE-2026-20185
Get an email if CVE-2026-20185 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.
Exploitation outlook
- Low exploitation risk0.39% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 31% of all EPSS-scored CVEs.
Advisory coverage (1)
- highCisco SG350 and SG350X Series Managed Switches SNMP Denial of Service Vulnerabilitycisco-psirt · 2026-05-06
External references
Embed the live status
— this badge updates automatically when the KEV or exploit status changes. How to embed it →
[](https://www.csirts.com/cve/CVE-2026-20185)