CISCO Security Advisory
Published Date: 🗓 May 6, 2026
CVE: CVE-2026-20185
Advisory Summary
Cisco has disclosed a critical vulnerability (CVE-2026-20185) in the SNMP subsystem of its SG350 and SG350X Series Managed Switches firmware. This security flaw stems from improper error handling when parsing specific SNMP response data. An authenticated remote attacker can exploit this by sending a crafted SNMP request, leading the affected device to reload unexpectedly and causing a denial-of-service (DoS) condition.
This vulnerability impacts SNMP versions 1, 2c, and 3. Exploitation requires possession of valid SNMP community strings (read-write or read-only) for SNMPv2c or earlier, or valid SNMPv3 user credentials for SNMPv3. This limits the risk surface to authenticated threat actors with network access.
Critically, Cisco will not release software updates to resolve this issue as the SG350/SG350X product lines have reached End of Software Maintenance. PSIRT continues to assess vulnerabilities until the official end-of-support but recommends mitigation since no workarounds exist.
- Restrict SNMP access strictly to trusted management hosts.
- Disable SNMP on SG350/SG350X devices if not essential.
- Monitor network traffic for unauthorized SNMP requests.
- Plan migration to supported Cisco switches with active security maintenance.
Enterprises relying on SG350 or SG350X switches should prioritize risk assessment given the high impact of this vulnerability and the lack of software patches. Transitioning to up-to-date hardware with ongoing security support is strongly advised to maintain network resilience.
Reference: Vendor Advisory