PT-2026-37655 · Cisco · Crosswork Network Controller+1

Published

2026-05-06

Updated

2026-05-17

CVE-2026-20188

CVSS v3.1

0.0

None

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

Name of the Vulnerable Software and Affected Versions Cisco Crosswork Network Controller (CNC) versions prior to 7.2 Cisco Network Services Orchestrator (NSO) versions prior to 6.4.1.3

Description An inadequate implementation of rate-limiting on incoming network connections in the connection-handling mechanism allows an unauthenticated, remote attacker to cause a denial of service (DoS) condition. By sending a large volume of connection requests, an attacker can exhaust available connection resources, rendering the system unresponsive for legitimate users and dependent services. Recovery from this state requires a manual reboot of the system.

Recommendations Update to version 7.2 for Cisco Crosswork Network Controller (CNC). Update to version 6.4.1.3 for Cisco Network Services Orchestrator (NSO).

Fix

DoS

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400

Related Identifiers

CVE-2026-20188

Affected Products

Crosswork Network Controller

Cisco Network Services Orchestrator

PT-2026-37655 · Cisco · Crosswork Network Controller+1

CVE-2026-20188

Weakness Enumeration

Related Identifiers

Affected Products

References · 14