๐Ÿ” CVE Alert

CVE-2026-20188

HIGH 7.5

Cisco Crosswork Network Controller and Cisco Network Services Orchestrator Connection Exhaustion Denial of Service Vulnerability

CVSS Score
7.5
EPSS Score
0.0%
EPSS Percentile
0th

A vulnerability in the connection-handling mechanism of Cisco Crosswork Network Controller (CNC) and Cisco Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. This vulnerability is due to an inadequate implementation of rate-limiting on incoming network connections. An attacker could exploit this vulnerability by sending a large number of connection requests to an affected system. A successful exploit could allow the attacker to exhaust available connection resources, causing Cisco CNC and Cisco NSO to become unresponsive and resulting in a DoS condition for legitimate users and dependent services. A manual reboot of the system is required to recover from this condition.

CWE CWE-400
Vendor cisco
Product cisco crosswork network change automation
Ecosystems
Industries
NetworkingTelecommunications
Published May 6, 2026
Stay Ahead of the Next One

Get instant alerts for cisco cisco crosswork network change automation

Be the first to know when new high vulnerabilities affecting cisco cisco crosswork network change automation are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Affected Versions

Cisco / Cisco Crosswork Network Change Automation
3.0.0 1.0.0 2.0.2 4.0.0 4.1.0 4.5.0 5.0.0 4.5.1 4.5.2 5.0.2 4.1.3 6.0.0 7.0.0 4.1.4 5.0.4 7.1.0 7.0.3 7.1.3
Cisco / Cisco Network Services Orchestrator
5.7 5.7.1 5.7.1.1 5.7.2 5.7.2.1 5.7.3 5.8 5.6.6.1 5.7.5.1 5.6.7.1 5.6.7 5.8.1 5.6.6 5.8.2.1 5.7.5 5.7.4 5.8.2 5.6.7.2 5.7.6 5.7.6.1 5.8.3 5.6.8 5.7.6.2 5.8.4 5.7.7 5.6.9 5.6.8.1 5.8.5 5.7.8 6.0 5.7.8.1 6.0.1 5.6.10 5.8.6 6.0.1.1 6.0.2 5.7.9 5.6.11 5.8.7 6.0.3 5.7.10 5.6.12 5.8.8 6.0.4 5.7.10.1 6.1 5.7.6.3 5.7.11 6.0.5 5.6.13 5.8.9 6.1.1 5.7.10.2 6.0.6 5.7.12 5.6.14 5.8.10 6.0.7 5.7.13 5.8.11 6.0.8 5.6.14.1 5.8.12 6.0.9 5.8.13 5.7.14 6.0.10 6.0.11 5.7.15 6.0.12 5.7.9.1 5.7.15.1 6.0.13 5.6.14.3 5.8.13.1 5.7.16 5.7.17 5.7.17.1 5.7.18 5.7.19 5.7.19.1

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
sec.cloudapps.cisco.com: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-dos-7Egqyc