CVE-2026-20188

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2026-20188
Following the initial publication of the Security Advisory about a denial of service (DoS) condition in Cisco Crosswork Network Controller and Cisco Network Services Orchestrator (NSO), additional information has been made available to the Cisco Product Security Incident Response Team (PSIRT). Upon further analysis, the Cisco PSIRT has reclassified this issue as a customer-configurable, resource management issue rather than a security vulnerability.
CVSS

No CVSS.

References
Link Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-dos-7Egqyc
Configurations

No configuration.

History

14 May 2026, 17:16

Type Values Removed Values Added
Summary (en) A vulnerability in the connection-handling mechanism of Cisco Crosswork Network Controller (CNC) and Cisco Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. This vulnerability is due to an inadequate implementation of rate-limiting on incoming network connections. An attacker could exploit this vulnerability by sending a large number of connection requests to an affected system. A successful exploit could allow the attacker to exhaust available connection resources, causing Cisco CNC and Cisco NSO to become unresponsive and resulting in a DoS condition for legitimate users and dependent services. A manual reboot of the system is required to recover from this condition. (en) Following the initial publication of the Security Advisory about a denial of service (DoS) condition in Cisco Crosswork Network Controller and Cisco Network Services Orchestrator (NSO), additional information has been made available to the Cisco Product Security Incident Response Team (PSIRT). Upon further analysis, the Cisco PSIRT has reclassified this issue as a customer-configurable, resource management issue rather than a security vulnerability.
CVSS v2 : unknown
v3 : 7.5 		v2 : unknown
v3 : 0.0

06 May 2026, 17:16

Type Values Removed Values Added
New CVE
Information

Published : 2026-05-06 17:16

Updated : 2026-05-14 17:16

NVD link : CVE-2026-20188

Mitre link : CVE-2026-20188

CVE.ORG link : CVE-2026-20188

JSON object : View

Products Affected

No product.

CWE
CWE-400

Uncontrolled Resource Consumption