Cisco DoS Vulnerability CVE-2026-20188 Requires Manual Reboot for Recovery

Severity: High (Score: 60.6)

Sources: nvd.nist.gov, Bleepingcomputer, Gbhackers

Summary

Cisco has disclosed a high-severity denial-of-service (DoS) vulnerability, CVE-2026-20188, affecting its Crosswork Network Controller (CNC) and Network Services Orchestrator (NSO). The flaw arises from inadequate rate limiting on incoming connections, allowing unauthenticated attackers to exhaust connection resources and crash the systems. Recovery from this condition necessitates a manual reboot of the affected devices. Cisco's advisory, published on May 6, 2026, indicates that while there is no evidence of active exploitation, the potential for disruption to large enterprises and service providers is significant. The vulnerability has a CVSS base score of 7.5, highlighting its severity. Cisco recommends that customers upgrade to the patched software to mitigate the risk. This vulnerability follows a history of similar issues in Cisco products, including previously exploited DoS vulnerabilities. The company is urging immediate action to prevent potential exploitation.

Key Points:

  • CVE-2026-20188 allows unauthenticated attackers to crash Cisco CNC and NSO systems.
  • Manual reboot is required for recovery from the DoS condition caused by this vulnerability.
  • Cisco recommends immediate software upgrades to mitigate the risk of exploitation.

Key Entities

  • DDoS (attack_type)
  • Cisco (company)
  • CVE-2022-20653 (cve)
  • CVE-2024-20401 (cve)
  • CVE-2025-20115 (cve)
  • CVE-2025-20333 (cve)
  • CVE-2025-20362 (cve)
  • CWE-400 - Uncontrolled Resource Consumption (cwe)
  • Cisco ASA (platform)
  • Cisco Crosswork Network Controller (platform)
  • Cisco FTD Firewalls (platform)
  • Cisco Network Services Orchestrator (platform)
  • IOS XR Routers (platform)