CVE-2026-20188
Received Received - Intake
DoS via Inadequate Rate-Limiting in Cisco Crosswork Network Controller and Network Services Orchestrator

Publication date: 2026-05-06

Last updated on: 2026-05-06

Assigner: Cisco Systems, Inc.

Description
A vulnerability in the connection-handling mechanism of Cisco Crosswork Network Controller (CNC) and Cisco Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. This vulnerability is due to an inadequate implementation of rate-limiting on incoming network connections. An attacker could exploit this vulnerability by sending a large number of connection requests to an affected system. A successful exploit could allow the attacker to exhaust available connection resources, causing Cisco CNC and Cisco NSO to become unresponsive and resulting in a DoS condition for legitimate users and dependent services. A manual reboot of the system is required to recover from this condition.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-06
Last Modified
2026-05-06
Generated
2026-06-16
AI Q&A
2026-05-06
EPSS Evaluated
2026-06-14
NVD
CVE-2026-20188
EUVD
EUVD-2026-27860
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
cisco crosswork_network_controller *
cisco network_services_orchestrator *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-400 The product does not properly control the allocation and maintenance of a limited resource.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the connection-handling mechanism of Cisco Crosswork Network Controller (CNC) and Cisco Network Services Orchestrator (NSO). It is caused by an inadequate implementation of rate-limiting on incoming network connections.

An unauthenticated, remote attacker can exploit this by sending a large number of connection requests to the affected system, which can exhaust the system's available connection resources.

As a result, the affected Cisco CNC and Cisco NSO systems become unresponsive, causing a denial of service (DoS) condition that affects legitimate users and dependent services.

Recovery from this condition requires a manual reboot of the system.

Impact Analysis

This vulnerability can impact you by causing a denial of service (DoS) condition on systems running Cisco Crosswork Network Controller (CNC) and Cisco Network Services Orchestrator (NSO).

An attacker can remotely and without authentication exhaust connection resources by flooding the system with connection requests, making the system unresponsive.

This unresponsiveness disrupts legitimate user access and dependent services, potentially causing operational downtime.

Additionally, recovery requires a manual reboot, which may increase system downtime and operational impact.

Mitigation Strategies

To mitigate this vulnerability, you should limit the rate of incoming network connections to the affected Cisco Crosswork Network Controller and Cisco Network Services Orchestrator systems to prevent resource exhaustion.

Since the vulnerability allows an unauthenticated remote attacker to cause a denial of service by exhausting connection resources, monitoring and controlling connection attempts can help reduce the risk.

If a DoS condition occurs, a manual reboot of the affected system is required to recover.

Compliance Impact

The vulnerability described causes a denial of service (DoS) condition by exhausting connection resources, but it does not directly impact the confidentiality, integrity, or availability of data in a way that would specifically affect compliance with standards like GDPR or HIPAA.

However, a DoS condition could indirectly affect compliance by disrupting availability requirements mandated by such regulations, since legitimate users and dependent services become unresponsive until a manual reboot is performed.

There is no explicit information provided about direct compliance impacts or data breaches related to this vulnerability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-20188. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart