CISCO Security Advisory
Published Date: May 6, 2026
CVE: CVE-2026-20188
Advisory Summary
A critical security vulnerability identified as CVE-2026-20188 affects Cisco Crosswork Network Controller (CNC) and Cisco Network Services Orchestrator (NSO). The flaw originates from insufficient rate-limiting on incoming network connections, enabling unauthenticated remote attackers to flood the system with connection requests. This overload exhausts the connection resources, causing CNC and NSO systems to become unresponsive and resulting in a denial of service (DoS) condition that disrupts legitimate user activities and dependent services.
- No workaround exists; the issue requires applying Cisco’s released software patches promptly.
- Affected systems require a manual reboot to recover post-exploit.
- The high-severity rating underscores the urgency for swift remediation to mitigate service disruptions in network management environments.
This vulnerability impacts critical orchestration tools central to network automation and control, making timely patch deployment essential to maintain operational stability and security integrity.
-2026-20188
Reference: Vendor Advisory