Denial of Service Vulnerability in Cisco Crosswork Network Controller and Cisco Network Services Orchestrator
CVE-2026-20188

7.5HIGH

Key Information:

Vendor: Cisco
Status: Cisco Crosswork Network Change Automation
Vendor: CVE Published:; 6 May 2026

Badges

👾 Exploit Exists📰 News Worthy

What is CVE-2026-20188?

A vulnerability exists in the connection-handling mechanism of Cisco's Crosswork Network Controller and Network Services Orchestrator, which could allow unauthenticated remote attackers to trigger a denial of service (DoS) condition. This issue stems from insufficient rate-limiting for incoming network connections, permitting an attacker to overload an affected system by sending a high volume of connection requests. The exploitation of this vulnerability can exhaust available connection resources, rendering the Cisco CNC and NSO unresponsive and hindering legitimate users and services. Recovery from this condition necessitates a manual reboot of the system.

News Articles

BleepingComputer

CVE-2026-20188

New Cisco DoS flaw requires manual reboot to revive devices

Cisco patched a Crosswork Network Controller and Network Services Orchestrator denial-of-service vulnerability that requires manually rebooting targeted systems for recovery.

2 weeks ago

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
May 6, 2026
📰
First article discovered by BleepingComputer
May 6, 2026
Vulnerability published
May 6, 2026
Vulnerability Reserved
Oct 8, 2025

CVE-2026-20188 Data

JSON