Community directors worldwide reported widespread crashes in Cisco small enterprise switches on January 8, 2026, triggered by deadly errors within the DNS shopper service.
Units entered reboot loops each couple of minutes, disrupting operations till DNS configurations have been eliminated.
The problem surfaced round 2 AM UTC, affecting fashions like CBS250, C1200, CBS350, SG350, and SG550X sequence switches. Logs confirmed DNS_CLIENT-F-SRCADDRFAIL errors failing to resolve domains resembling “www.cisco.com” and NIST time servers like “time-c.timefreq.bldrdoc.gov.”
Deadly errors from the DNSC activity led to core dumps and computerized resets, with stack traces pointing to DNS decision failures in firmware variations together with 4.1.7.17, 4.1.3.36, and 4.1.7.24.
Customers on Cisco’s group boards reported managing dozens of affected gadgets and performing guide reconfiguration to stabilize them. One administrator famous, “Each single one crashed right this moment… till I eliminated the DNS configuration,” throughout 50 CBS250 and C1200 items. Comparable experiences hit Reddit, the place SG550X homeowners confirmed an identical signs beginning concurrently throughout websites.
Affected Software program Variations
Mannequin/SeriesReported VersionsDate CodesCBS250/C12004.1.7.17, 4.1.3.36May 2025, Might 2024CBS3504.1.7.24, 3.5.3.2Aug 2025, UnknownSG550XVarious recentN/A
The crashes linked to DNS lookups for default SNTP servers like time-pnp.cisco.com or www.cisco.com, even on switches with out specific NTP config.
Discussion board customers suspected {that a} resolver-side change on Cloudflare’s 1.1.1.1 DNS exacerbated the bug, since secondary servers like 8.8.8.8 may need mitigated it. Cisco’s DNS shopper treats lookup failures as deadly, which isn’t resilient.
Efficient workarounds embody:
Disabling DNS: no ip name-server, no ip domain-lookup.
Eradicating default SNTP: no sntp server time-pnp.cisco.com.
Blocking outbound swap web entry.
Switches stabilized post-changes, although disabling DNS limits hostname decision in configs.
Cisco help acknowledged the issue to prospects, confirming impacts on CBS, SG, and Catalyst 1200/1300 traces, however no public advisory or patch exists as of January 9. No subject discover seems in searches. This exposes small enterprise networks to DoS-like disruptions from routine DNS points, urging firmware vigilance.
Admins ought to monitor for updates and apply workarounds promptly. The synchronized onset suggests a world set off, probably exterior DNS flux, highlighting firmware brittleness in embedded methods.
Observe us on Google Information, LinkedIn, and X for day by day cybersecurity updates. Contact us to characteristic your tales.
