Cisco DoS Vulnerability CVE-2026-20188 Requires Manual Reboot for Recovery

Severity: Medium (Score: 57.9)

Sources: Cybersecuritynews, Bleepingcomputer, Gbhackers, nvd.nist.gov

Summary

Cisco has disclosed a high-severity denial-of-service (DoS) vulnerability tracked as CVE-2026-20188 affecting the Crosswork Network Controller (CNC) and Network Services Orchestrator (NSO). The flaw arises from inadequate rate limiting on incoming connections, allowing unauthenticated remote attackers to exhaust connection resources, leading to system unresponsiveness. Affected systems require a manual reboot to recover from the DoS condition. Cisco has not reported any active exploitation of this vulnerability at this time. The vulnerability carries a CVSS base score of 7.5, indicating significant risk to network infrastructure. Cisco has advised customers to upgrade to patched software to mitigate the risk. This vulnerability follows a history of similar issues in Cisco products, which have previously been exploited in attacks. The advisory was published on May 6, 2026. Key Points: • CVE-2026-20188 allows remote attackers to cause DoS on Cisco CNC and NSO systems. • Affected devices require a manual reboot to recover from the DoS condition. • Cisco recommends immediate software upgrades to mitigate this vulnerability.

Key Entities

• DDoS (attack_type)
• Cisco (company)
• CVE-2022-20653 (cve)
• CVE-2024-20401 (cve)
• CVE-2025-20115 (cve)
• CVE-2025-20333 (cve)
• CVE-2025-20362 (cve)
• Cwe-400 - Uncontrolled Resource Consumption (cwe)
• Cisco ASA (platform)
• Cisco Crosswork Network Controller (platform)
• Cisco FTD Firewalls (platform)
• Cisco Network Services Orchestrator (platform)
• Crosswork Network Controller (platform)