CVE-2026-20188
A vulnerability in the connection-handling mechanism of Cisco Crosswork Network Controller (CNC) and Cisco Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. This vulnerability is due to an inadequate implementation of rate-limiting on incoming network connections. An attacker could exploit this vulnerability by sending a large number of connection requests to an affected system. A successful exploit could allow the attacker to exhaust available connection resources, causing Cisco CNC and Cisco NSO to become unresponsive and resulting in a DoS condition for legitimate users and dependent services. A manual reboot of the system is required to recover from this condition.
EPSS 0.04% · 11.5th percentile
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Cisco Network Services Orchestrator | 5.6.14.1, 6.0.12, 5.6.14.3 |
| Cisco | Cisco Crosswork Network Change Automation | 1.0.0, 2.0.2, 4.1.0 |
Exploit Intelligence
- CIRCL seen: CVE-2026-20188 (circl-sighting)
- cisco-sa-nso-dos-7Egqyc (circl)
Timeline
- May 6, 2026 CVE Published
- May 6, 2026 PoC Published
- May 6, 2026 Security Advisory
- May 6, 2026 CVE Updated
- May 18, 2026 EPSS Score
- May 19, 2026 EPSS Score
- May 20, 2026 EPSS Score
- May 21, 2026 EPSS Score
- May 22, 2026 EPSS Score
- May 23, 2026 EPSS Score
- May 24, 2026 EPSS Score