Cisco released security updates to fix a Crosswork Network Controller (CNC) and Network Services Orchestrator (NSO) denial-of-service (DoS) vulnerability that forces administrators to manually reboot affected systems for recovery.
Moreover, large enterprises and service providers rely on the CNC software suite to simplify multivendor network management and streamline operations through automation. At the same time, the NSO orchestration platform helps teams efficiently manage network devices and resources.
CVE-2026-20188 Enables Remote DoS Attacks
Specifically, researchers track this issue as CVE-2026-20188, a high-severity vulnerability caused by inadequate rate limiting on incoming network connections. As a result, unauthenticated threat actors can remotely exploit the flaw and crash unpatched Cisco CNC and Cisco NSO systems using low-complexity attacks.
“A successful exploit could allow the attacker to exhaust available connection resources, causing Cisco CNC and Cisco NSO to become unresponsive and resulting in a DoS condition for legitimate users and dependent services. A manual reboot of the system is required to recover from this condition,” Cisco said in a Wednesday advisory.
“To fully remediate this vulnerability and avoid future exposure as described in this advisory, Cisco strongly recommends that customers upgrade to the fixed software indicated in this advisory.”
However, although CVE-2026-20188 can permanently crash targeted systems until manual intervention occurs, Cisco’s Product Security Incident Response Team (PSIRT) has not identified ongoing exploitation.
| Cisco CNC Release | First Fixed Release |
|---|---|
| 7.1 and earlier | Migrate to a fixed release. |
| 7.2 | Not vulnerable. |
| Cisco NSO Release | First Fixed Release |
|---|---|
| 6.3 and earlier | Migrate to a fixed release. |
| 6.4 | 6.4.1.3 |
| 6.5 | Not vulnerable. |
Likewise, CVE-2026-20188 has not appeared in real-world attacks so far. Still, Cisco has patched multiple DoS vulnerabilities in the past that attackers later exploited.
Previous Cisco DoS Vulnerabilities Highlight Ongoing Risk
For example, in November 2025, Cisco warned that two Vulnerabilities—CVE-2025-20362 and CVE-2025-20333—enabled attackers to trigger reboot loops in ASA and FTD firewalls after earlier zero-day exploitation.
Earlier, in September, when Cisco addressed those flaws, CISA issued an emergency directive that required federal agencies to secure their Cisco Firewalls within 24 hours against attacks Leveraging this exploit chain.
In addition, Cisco fixed other Vulnerabilities—CVE-2022-20653 and CVE-2024-20401—that allowed Attackers to crash Secure Email Appliances using Maliciously crafted email messages.
At that time, the company advised customers to contact its Technical Assistance Center (TAC) to restore affected systems, since recovery required manual intervention.
Last year, Cisco patched another DoS Vulnerability—CVE-2025-20115—that allowed Attackers to crash the Border Gateway Protocol (BGP) process on IOS XR routers with a single BGP update message.
Source: BleepingComputer, Sergiu Gatlan
Read more at Impreza News
