Unauth Remote DoS via Connection Flood in Cisco CNC/NSO
CVE-2026-20188 Published on May 6, 2026
Cisco Crosswork Network Controller and Cisco Network Services Orchestrator Connection Exhaustion Denial of Service Vulnerability
A vulnerability in the connection-handling mechanism of Cisco Crosswork Network Controller (CNC) and Cisco Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected system.
This vulnerability is due to an inadequate implementation of rate-limiting on incoming network connections. An attacker could exploit this vulnerability by sending a large number of connection requests to an affected system. A successful exploit could allow the attacker to exhaust available connection resources, causing Cisco CNC and Cisco NSO to become unresponsive and resulting in a DoS condition for legitimate users and dependent services. A manual reboot of the system is required to recover from this condition.
Vulnerability Analysis
CVE-2026-20188 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Weakness Type
What is a Resource Exhaustion Vulnerability?
The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
CVE-2026-20188 has been classified to as a Resource Exhaustion vulnerability or weakness.
Products Associated with CVE-2026-20188
Want to know whenever a new CVE is published for Cisco Network Services Orchestrator? stack.watch will email you.
Affected Versions
Cisco Crosswork Network Change Automation:- Version 3.0.0 is affected.
- Version 1.0.0 is affected.
- Version 2.0.2 is affected.
- Version 4.0.0 is affected.
- Version 4.1.0 is affected.
- Version 4.5.0 is affected.
- Version 5.0.0 is affected.
- Version 4.5.1 is affected.
- Version 4.5.2 is affected.
- Version 5.0.2 is affected.
- Version 4.1.3 is affected.
- Version 6.0.0 is affected.
- Version 7.0.0 is affected.
- Version 4.1.4 is affected.
- Version 5.0.4 is affected.
- Version 7.1.0 is affected.
- Version 7.0.3 is affected.
- Version 7.1.3 is affected.
- Version 5.7 is affected.
- Version 5.7.1 is affected.
- Version 5.7.1.1 is affected.
- Version 5.7.2 is affected.
- Version 5.7.2.1 is affected.
- Version 5.7.3 is affected.
- Version 5.8 is affected.
- Version 5.6.6.1 is affected.
- Version 5.7.5.1 is affected.
- Version 5.6.7.1 is affected.
- Version 5.6.7 is affected.
- Version 5.8.1 is affected.
- Version 5.6.6 is affected.
- Version 5.8.2.1 is affected.
- Version 5.7.5 is affected.
- Version 5.7.4 is affected.
- Version 5.8.2 is affected.
- Version 5.6.7.2 is affected.
- Version 5.7.6 is affected.
- Version 5.7.6.1 is affected.
- Version 5.8.3 is affected.
- Version 5.6.8 is affected.
- Version 5.7.6.2 is affected.
- Version 5.8.4 is affected.
- Version 5.7.7 is affected.
- Version 5.6.9 is affected.
- Version 5.6.8.1 is affected.
- Version 5.8.5 is affected.
- Version 5.7.8 is affected.
- Version 6.0 is affected.
- Version 5.7.8.1 is affected.
- Version 6.0.1 is affected.
- Version 5.6.10 is affected.
- Version 5.8.6 is affected.
- Version 6.0.1.1 is affected.
- Version 6.0.2 is affected.
- Version 5.7.9 is affected.
- Version 5.6.11 is affected.
- Version 5.8.7 is affected.
- Version 6.0.3 is affected.
- Version 5.7.10 is affected.
- Version 5.6.12 is affected.
- Version 5.8.8 is affected.
- Version 6.0.4 is affected.
- Version 5.7.10.1 is affected.
- Version 6.1 is affected.
- Version 5.7.6.3 is affected.
- Version 5.7.11 is affected.
- Version 6.0.5 is affected.
- Version 5.6.13 is affected.
- Version 5.8.9 is affected.
- Version 6.1.1 is affected.
- Version 5.7.10.2 is affected.
- Version 6.0.6 is affected.
- Version 5.7.12 is affected.
- Version 5.6.14 is affected.
- Version 5.8.10 is affected.
- Version 6.0.7 is affected.
- Version 5.7.13 is affected.
- Version 5.8.11 is affected.
- Version 6.0.8 is affected.
- Version 5.6.14.1 is affected.
- Version 5.8.12 is affected.
- Version 6.0.9 is affected.
- Version 5.8.13 is affected.
- Version 5.7.14 is affected.
- Version 6.0.10 is affected.
- Version 6.0.11 is affected.
- Version 5.7.15 is affected.
- Version 6.0.12 is affected.
- Version 5.7.9.1 is affected.
- Version 5.7.15.1 is affected.
- Version 6.0.13 is affected.
- Version 5.6.14.3 is affected.
- Version 5.8.13.1 is affected.
- Version 5.7.16 is affected.
- Version 5.7.17 is affected.
- Version 5.7.17.1 is affected.
- Version 5.7.18 is affected.
- Version 5.7.19 is affected.
- Version 5.7.19.1 is affected.