By Sergiu Gatlan
Publication Date: 2026-05-06 18:06:00
Cisco released security updates to fix a Crosswork Network Controller (CNC) and Network Services Orchestrator (NSO) denial-of-service (DoS) vulnerability that requires manually rebooting targeted systems for recovery.
Large enterprises and service providers leverage the CNC software suite to simplify multivendor network management and operations handling with automation, while the NSO orchestration platform helps them manage network devices and resources.
Tracked as CVE-2026-20188, this high-severity security flaw stems from inadequate rate limiting on incoming network connections and can be exploited remotely by unauthenticated threat actors to crash unpatched Cisco CNC and Cisco NSO systems through low-complexity attacks.
“A successful exploit could allow the attacker to exhaust available connection resources, causing Cisco CNC and Cisco NSO to become unresponsive and resulting in a DoS condition for legitimate users and dependent services. A manual reboot of the…
