Cisco CNC and NSO DoS flaw CVE-2026-20188 triggers manual reboot requirement
Summary
Cisco disclosed and patched a high-severity denial-of-service (DoS) vulnerability, CVE-2026-20188, in Crosswork Network Controller (CNC) and Network Services Orchestrator (NSO). An affected system can only be recovered by a manual reboot. The flaw stems from insufficient rate limiting on incoming connections: unauthenticated remote attackers can exploit it to exhaust resources and leave unpatched CNC/NSO deployments unresponsive. The impact is disruption of network management and orchestration services for large enterprises and service providers that rely on these platforms. No active exploitation had been observed at the time of disclosure, but manual intervention remains necessary to restore functionality once a system has been hit.
Timeline
- 06.05.2026 21:06 · 1 article
  Cisco CNC/NSO DoS flaw CVE-2026-20188 patched; manual reboot required for recovery
  Cisco released fixes for CVE-2026-20188, a high-severity DoS vulnerability in Crosswork Network Controller and Network Services Orchestrator caused by insufficient rate limiting. Exploitation triggers resource exhaustion and unresponsiveness, necessitating manual reboot to restore service. Affected versions include CNC ≤7.1 and NSO ≤6.3; remediation requires upgrading to fixed releases.
  Sources:
  - New Cisco DoS flaw requires manual reboot to revive devices — www.bleepingcomputer.com — 06.05.2026 21:06
Information Snippets
- CVE-2026-20188 is a high-severity DoS vulnerability affecting Cisco CNC and NSO, resulting from inadequate rate limiting on incoming connections.
  First reported: 06.05.2026 21:06 · 1 source, 1 article
  - New Cisco DoS flaw requires manual reboot to revive devices — www.bleepingcomputer.com — 06.05.2026 21:06
- Successful exploitation exhausts connection resources, rendering Cisco CNC and NSO unresponsive and requiring a manual reboot to restore service.
  First reported: 06.05.2026 21:06 · 1 source, 1 article
  - New Cisco DoS flaw requires manual reboot to revive devices — www.bleepingcomputer.com — 06.05.2026 21:06
- Cisco CNC versions 7.1 and earlier are vulnerable; fixed in release 7.2. Cisco NSO versions 6.3 and earlier are vulnerable; fixed in releases 6.4.1.3 and 6.5.
  First reported: 06.05.2026 21:06 · 1 source, 1 article
  - New Cisco DoS flaw requires manual reboot to revive devices — www.bleepingcomputer.com — 06.05.2026 21:06
- Cisco PSIRT has not observed active exploitation of CVE-2026-20188 as of the advisory date.
  First reported: 06.05.2026 21:06 · 1 source, 1 article
  - New Cisco DoS flaw requires manual reboot to revive devices — www.bleepingcomputer.com — 06.05.2026 21:06
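
For inventory triage against the version ranges quoted above, the following is an added example (not Cisco's or the source article's code). It assumes that "X.Y and earlier" covers every maintenance build of train X.Y and that later builds in a fixed train carry the fix; the hostnames and the `unlisted` status are constructed for this example.

```python
import re

# Ranges as stated on this page; the product keys are labels chosen here.
LAST_VULNERABLE = {"CNC": (7, 1), "NSO": (6, 3)}
FIXED_RELEASES = {"CNC": [(7, 2)], "NSO": [(6, 4, 1, 3), (6, 5)]}

# Constructed sample inventory (hostnames are invented for this example).
INVENTORY = [
    ("cnc-lab-01", "CNC", "7.1.2"), ("cnc-prod-01", "CNC", "7.2"),
    ("nso-core-01", "NSO", "6.3.8"), ("nso-core-02", "NSO", "6.4.1.1"),
    ("nso-edge-01", "NSO", "6.4.1.3"),
]


def parse_version(text):
    """Turn '6.4.1.3' into (6, 4, 1, 3); reject anything but dotted digits."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in text.split("."))


def triage(product, version_text):
    """Return 'vulnerable', 'fixed' or 'unlisted' for one product/version."""
    product = product.upper()
    if product not in LAST_VULNERABLE:
        raise ValueError(f"unknown product: {product}")
    version = parse_version(version_text)
    train = (version + (0,))[:2]  # major.minor, so 7.1.2 counts as train 7.1
    # Assumption: "X.Y and earlier" includes all maintenance builds of X.Y.
    if train <= LAST_VULNERABLE[product]:
        return "vulnerable"
    # Assumption: later builds in the same train as a fixed release are fixed.
    for fixed in FIXED_RELEASES[product]:
        if fixed[:2] == train and version >= fixed:
            return "fixed"
    # Assumption: trains newer than the newest fixed train carry the fix.
    if train > max(fixed[:2] for fixed in FIXED_RELEASES[product]):
        return "fixed"
    return "unlisted"  # e.g. NSO 6.4.0: the page states neither status


def report(inventory):
    """Map each host to its triage status."""
    return {host: triage(prod, ver) for host, prod, ver in inventory}


if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host}: {status}")
```

Builds reported as `unlisted` fall between the stated vulnerable range and the first fixed release, so confirm their status against Cisco's advisory before closing them out.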