CVE-2026-20188: CVE-2026-20188: Uncontrolled Resource Consumption in Cisco CNC and NSO

#security #cve #cybersecurity

CVE-2026-20188: Uncontrolled Resource Consumption in Cisco CNC and NSO

Vulnerability ID: CVE-2026-20188
CVSS Score: 7.5
Published: 2026-05-06

Cisco Crosswork Network Controller (CNC) and Cisco Network Services Orchestrator (NSO) contain a high-severity denial-of-service vulnerability due to inadequate connection rate limiting. Exploitation results in resource exhaustion requiring a manual reboot for recovery.

TL;DR

CVE-2026-20188 is an unauthenticated, remote denial-of-service vulnerability (CVSS 7.5) in Cisco CNC and NSO. An attacker can exhaust system connections, causing application unresponsiveness that persists until a manual system reboot.

Technical Details

CWE ID: CWE-400
Attack Vector: Network
CVSS v3.1: 7.5
Impact: Persistent Denial of Service
Exploit Status: None (Unexploited)
KEV Status: Not Listed

Affected Systems

Cisco Crosswork Network Controller (CNC)
Cisco Network Services Orchestrator (NSO)
Cisco Crosswork Network Controller: <= 7.1 (Fixed in: 7.2)
Cisco Network Services Orchestrator: <= 6.3 (Fixed in: 6.5)
Cisco Network Services Orchestrator: 6.4 (Fixed in: 6.4.1.3)

Mitigation Strategies

Apply vendor-provided patch upgrades
Implement network-level connection rate limiting at upstream firewalls
Restrict network access to management interfaces using explicit allowlists
Monitor ingress ports for unusual TCP connection spikes

Remediation Steps:

Identify the current software version of Cisco CNC or NSO running in the environment.
Download the applicable fixed release (CNC 7.2+, NSO 6.4.1.3, or NSO 6.5+).
Schedule a maintenance window and provision backup snapshots.
Apply the software update according to Cisco's official upgrade procedures.
Verify system stability and test management interface connectivity post-upgrade.