Cisco DoS Vulnerability CVE-2026-20188 Requires Manual Reboot for Recovery

Cisco DoS Vulnerability CVE-2026-20188 Requires Manual Reboot for Recovery

First seen 7 May 2026, 11:51 UTC BleepingcomputerGbhackersnvd.nist.govCybersecuritynews 82% similarity 57.9

Article Content

Browse articles
ThreatCluster

Cisco has disclosed a high-severity denial-of-service (DoS) vulnerability tracked as CVE-2026-20188 affecting the Crosswork Network Controller (CNC) and Network Services Orchestrator (NSO). The flaw arises from inadequate rate limiting on incoming connections, allowing unauthenticated remote attackers to exhaust connection resources, leading to system unresponsiveness. Affected systems require a manual reboot to recover from the DoS condition. Cisco has not reported any active exploitation of this vulnerability at this time. The vulnerability carries a CVSS base score of 7.5, indicating significant risk to network infrastructure. Cisco has advised customers to upgrade to patched software to mitigate the risk. This vulnerability follows a history of similar issues in Cisco products, which have previously been exploited in attacks. The advisory was published on May 6, 2026.

Key Points: • CVE-2026-20188 allows remote attackers to cause DoS on Cisco CNC and NSO systems. • Affected devices require a manual reboot to recover from the DoS condition. • Cisco recommends immediate software upgrades to mitigate this vulnerability.

ThreatCluster AI

Timeline

2022-02-17
CVE-2022-20653 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2024-07-17
CVE-2024-20401 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2025-03-12
CVE-2025-20115 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2025-09-25
CVE-2025-20333 and CVE-2025-20362 added to CISA KEV
CISA added two previously exploited vulnerabilities to its Known Exploited Vulnerabilities catalog, highlighting ongoing risks.
Bleepingcomputer
2026-05-06
CVE-2026-20188 published
Cisco disclosed a high-severity DoS vulnerability affecting CNC and NSO due to inadequate rate limiting.
Bleepingcomputer
Recent
Cisco advises customers to upgrade software
Cisco strongly recommends that customers upgrade to the fixed software to avoid exposure to CVE-2026-20188.
Bleepingcomputer

Community

Browse all →