What is CVE-2026-20185?

CVE-2026-20185 is a high-severity vulnerability in Cisco Small Business Smart And Managed Switches, classified under Heap-based Buffer Overflow. CVSS score: 7.7/10. Published 2026-05-06.

How severe is CVE-2026-20185?

High severity. CVSS v3 base score is 7.7 out of 10.

Buffer overflow in Cisco Small Business Smart And Managed Switches

CVE-2026-20185

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco 350 Series Managed Switches (SG350) and Cisco 350X Series Stackable Managed Switches (SG350X) firmware could allow an authenticated, remote attac…

Vulnerability class: Buffer Overflow

EPSS: 0.002 (44.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.7 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H.

Affected products

Cisco Small Business Smart And Managed Switches — versions 2.5.9.54, 2.5.9.55

Weakness classification (CWE)

CWE-122 — Heap-based Buffer Overflow

References

cisco-sa-sg350-snmp-dos-GEFZr2Tj

Frequently asked questions

What is CVE-2026-20185?: CVE-2026-20185 is a high-severity vulnerability in Cisco Small Business Smart And Managed Switches, classified under Heap-based Buffer Overflow. CVSS score: 7.7/10. Published 2026-05-06.
How severe is CVE-2026-20185?: High severity. CVSS v3 base score is 7.7 out of 10.