VYPR
patch · Published May 6, 2026 · Updated May 17, 2026 · 1 source

Cisco Patches High-Severity DoS Flaw in Network Management Platforms

Cisco has released patches for a high-severity denial-of-service vulnerability in its Crosswork Network Controller and Network Services Orchestrator that forces affected systems into an unresponsive state requiring manual reboots.

Cisco has issued security updates to address a high-severity denial-of-service (DoS) vulnerability, tracked as CVE-2026-20188, affecting its Crosswork Network Controller (CNC) and Network Services Orchestrator (NSO) platforms. These tools are widely used by large enterprises and service providers for network automation and management (BleepingComputer).

The vulnerability stems from inadequate rate limiting on incoming network connections. According to Cisco, an unauthenticated, remote attacker can exploit this flaw by sending a flood of requests to exhaust available connection resources. This action causes the affected CNC or NSO system to become unresponsive, effectively creating a DoS condition for legitimate users and dependent services (BleepingComputer).

A critical aspect of this vulnerability is that the affected system does not automatically recover once the attack ceases. Cisco confirmed that a manual reboot of the affected system is required to restore functionality after an exploit has occurred (BleepingComputer). While the flaw is considered high-severity due to the ease of exploitation and the impact on system availability, Cisco’s Product Security Incident Response Team (PSIRT) has stated that there is currently no evidence of the vulnerability being exploited in the wild (BleepingComputer).

To remediate the issue, Cisco has provided specific guidance based on the software version in use. For Cisco CNC, users on version 7.1 and earlier are advised to migrate to a fixed release, while version 7.2 is not vulnerable. For Cisco NSO, users on version 6.3 and earlier must migrate to a fixed release, and those on version 6.4 should upgrade to version 6.4.1.3. Version 6.5 of NSO is not affected by this vulnerability (BleepingComputer).
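The version guidance above, applied as a triage check over a device inventory. This is an added example, not code from Cisco or from the article; the host names and inventory are constructed, and treating builds at or above 6.4.1.3 within the NSO 6.4 train as fixed is an assumption.

```python
import re

# Release guidance as summarized in the article for CVE-2026-20188.
GUIDANCE = {
    "CNC": {"migrate_max": (7, 1), "not_vulnerable": {(7, 2)}, "fixed_in_train": {}},
    "NSO": {"migrate_max": (6, 3), "not_vulnerable": {(6, 5)},
            "fixed_in_train": {(6, 4): (6, 4, 1, 3)}},
}

def parse_version(text):
    """Turn '6.4.1.3' into (6, 4, 1, 3); reject anything but dotted digits."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)+", text):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in text.split("."))

def triage(product, version):
    """Return the action the article's guidance implies for one installation."""
    rules = GUIDANCE.get(product.strip().upper())
    if rules is None:
        return "unknown product"
    try:
        v = parse_version(version)
    except ValueError:
        return "unparseable version: check manually"
    train = v[:2]  # major.minor release train
    if train <= rules["migrate_max"]:
        return "vulnerable: migrate to a fixed release"
    if train in rules["fixed_in_train"]:
        fixed = rules["fixed_in_train"][train]
        # Assumption: builds at or above the named fixed build in this train are fixed.
        if v >= fixed:
            return "fixed"
        return "vulnerable: upgrade to " + ".".join(map(str, fixed))
    if train in rules["not_vulnerable"]:
        return "not vulnerable"
    return "not covered by the article: check the Cisco advisory"

# Constructed sample inventory (host names and versions are made up).
INVENTORY = [
    ("cnc-lab-01", "CNC", "7.0.2"),
    ("nso-east-01", "NSO", "6.4.1.1"),
    ("nso-west-01", "NSO", "6.4.1.3"),
    ("nso-old-01", "NSO", "6.1-rc2"),
]

def needs_action(inventory):
    """Hosts that are vulnerable or need a manual look, mapped to the reason."""
    return {h: r for h, p, v in inventory if (r := triage(p, v)) not in ("fixed", "not vulnerable")}
```

Versions the article does not mention, such as a CNC release newer than 7.2, are reported as not covered rather than guessed at.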

This incident highlights a recurring challenge for network administrators, as Cisco has previously addressed other DoS vulnerabilities that required manual intervention to recover. For example, in 2022 and 2024, the company patched flaws in Secure Email appliances that similarly required contact with the Technical Assistance Center (TAC) to bring systems back online. Furthermore, the company has dealt with various DoS issues in its firewall and router products, including those that led to emergency directives from CISA in late 2025 (BleepingComputer).

The discovery of CVE-2026-20188 underscores the ongoing risk posed by resource-exhaustion attacks against critical infrastructure management software. As organizations increasingly rely on automated orchestration platforms like CNC and NSO, ensuring these systems are hardened against remote DoS attempts remains a priority for maintaining network stability. Security teams should prioritize applying the recommended patches to prevent potential service disruptions that necessitate manual recovery efforts.

Synthesized by Vypr AI