Bright Nexus

Published on May 7, 2026

New Cisco DoS Flaw Requires Manual Reboot to Revive Devices

Severity

High

Detail

A high-severity vulnerability has been identified in Cisco Crosswork Network Controller (CNC) and Cisco Network Services Orchestrator (NSO). The flaw tracked as CVE-2026-20188 is caused by insufficient rate limiting on incoming network connections. An unauthenticated remote attacker can exploit the vulnerability using low-complexity attacks to exhaust available connection resources and force affected systems into a denial-of-service (DoS) condition.

Successful exploitation may cause Cisco CNC and Cisco NSO systems to become unresponsive, disrupting legitimate users and dependent network services. Recovery from the attack requires a manual reboot of the affected device, increasing operational impact and downtime risks for enterprises and service providers relying on these platforms for network management and orchestration. Cisco has released security updates and strongly recommends organizations upgrade to fixed software versions immediately to prevent service disruption and future exposure. At the time of disclosure, Cisco Product Security Incident Response Team (PSIRT) reported that there is currently no evidence of active exploitation in the wild.

CVE IDSummaryCVSS Score
CVE-2026-20188Insufficient rate limiting in Cisco CNC and Cisco NSO allows unauthenticated remote attackers to cause a denial-of-service condition requiring manual reboot for recovery.7.5 (High)

Affected Products

The vulnerability impacts the following Cisco products and versions:

Cisco Crosswork Network Controller (CNC):

  • Cisco CNC 7.1 and earlier — affected (upgrade to a fixed release)
  • Cisco CNC 7.2 — not vulnerable

Cisco Network Services Orchestrator (NSO):

  • Cisco NSO 6.3 and earlier — affected (upgrade to a fixed release)
  • Cisco NSO 6.4 — fixed in version 6.4.1.3
  • Cisco NSO 6.5 — not vulnerable

Recommendation

Organizations and administrators are strongly advised to take the following actions immediately:

  • Upgrade Cisco CNC and Cisco NSO to the latest fixed software releases provided by Cisco
  • Restrict access to management interfaces and orchestration services to trusted networks only
  • Implement rate limiting and network access controls where possible
  • Monitor systems for abnormal connection spikes or signs of service degradation
  • Review firewall, IDS/IPS, and network monitoring alerts for potential exploitation attempts
  • Ensure incident response and recovery procedures are prepared in case manual reboot operations are required

Failure to remediate this vulnerability could result in prolonged service outages, disruption of network orchestration operations, and operational downtime impacting enterprise and service provider environments.


Source
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-dos-7Egqyc

https://www.bleepingcomputer.com/news/security/new-cisco-dos-flaw-requires-manual-reboot-to-revive-devices