Description
Following the initial publication of the Security Advisory about a denial of service (DoS) condition in Cisco Crosswork Network Controller and Cisco Network Services Orchestrator (NSO), additional information has been made available to the Cisco Product Security Incident Response Team (PSIRT).

Upon further analysis, the Cisco PSIRT has reclassified this issue as a customer-configurable, resource management issue rather than a security vulnerability.
Published: 2026-05-06
Score: 0 Low
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the connection-handling mechanism of Cisco Crosswork Network Controller and Cisco Network Services Orchestrator allows an unauthenticated attacker to flood the system with a large number of connection requests. Because rate limiting is inadequate, the service consumes all available connection resources, leaving the controller or orchestrator unresponsive. Recovering from the resulting denial of service requires a manual reboot. This vulnerability directly affects the availability of the affected services.

Affected Systems

Cisco Crosswork Network Change Automation and Cisco Network Services Orchestrator are impacted. Specific version information is not supplied in the advisory.

Risk and Exploitability

The CVSS score is not available, leaving the severity assessment uncertain. The EPSS score of 0.0014 (less than 1%) indicates a very low probability of exploitation. The vulnerability is not listed in CISA's KEV catalog. Because the attack requires only unauthenticated remote access and relies on sending many connections, an attacker with network reach to the affected system can exploit it using readily available tools; no privilege escalation is required.

Generated by OpenCVE AI on May 14, 2026 at 19:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any Cisco Crosswork Network Change Automation or Cisco Network Services Orchestrator patch that addresses the rate‑limiting issue as soon as it becomes available.
  • If a patch is not yet available, enforce network‑level rate limiting or firewall rules to restrict the number of inbound connection attempts to the affected services.
  • Continuously monitor system logs for excessive connection attempts and investigate anomalous traffic patterns to identify attempted exploitation.

Advisories

No advisories yet.

History

Thu, 14 May 2026 17:00:00 +0000

Type: Description
Values Removed: A vulnerability in the connection-handling mechanism of Cisco Crosswork Network Controller (CNC) and Cisco Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. This vulnerability is due to an inadequate implementation of rate-limiting on incoming network connections. An attacker could exploit this vulnerability by sending a large number of connection requests to an affected system. A successful exploit could allow the attacker to exhaust available connection resources, causing Cisco CNC and Cisco NSO to become unresponsive and resulting in a DoS condition for legitimate users and dependent services. A manual reboot of the system is required to recover from this condition.
Values Added: Following the initial publication of the Security Advisory about a denial of service (DoS) condition in Cisco Crosswork Network Controller and Cisco Network Services Orchestrator (NSO), additional information has been made available to the Cisco Product Security Incident Response Team (PSIRT). Upon further analysis, the Cisco PSIRT has reclassified this issue as a customer-configurable, resource management issue rather than a security vulnerability.

Type: Title
Values Removed: Cisco Crosswork Network Controller and Cisco Network Services Orchestrator Connection Exhaustion Denial of Service Vulnerability
Values Added: Cisco Crosswork Network Controller and Cisco Network Services Orchestrator Advisory

Type: Metrics
Values Removed: cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}
Values Added: cvssV3_1 {'score': 0, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N'}


Thu, 07 May 2026 20:30:00 +0000

Type: First Time appeared
Values Added:
  Cisco
  Cisco crosswork Network Automation
  Cisco network Services Orchestrator

Type: Vendors & Products
Values Added:
  Cisco
  Cisco crosswork Network Automation
  Cisco network Services Orchestrator

Wed, 06 May 2026 18:15:00 +0000

Type: Metrics
Values Added: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 06 May 2026 16:45:00 +0000

Type: Description
Values Added: A vulnerability in the connection-handling mechanism of Cisco Crosswork Network Controller (CNC) and Cisco Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. This vulnerability is due to an inadequate implementation of rate-limiting on incoming network connections. An attacker could exploit this vulnerability by sending a large number of connection requests to an affected system. A successful exploit could allow the attacker to exhaust available connection resources, causing Cisco CNC and Cisco NSO to become unresponsive and resulting in a DoS condition for legitimate users and dependent services. A manual reboot of the system is required to recover from this condition.

Type: Title
Values Added: Cisco Crosswork Network Controller and Cisco Network Services Orchestrator Connection Exhaustion Denial of Service Vulnerability

Type: Weaknesses
Values Added: CWE-400

Type: References

Type: Metrics
Values Added: cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2026-05-14T16:30:22.826Z

Reserved: 2025-10-08T11:59:15.394Z

Link: CVE-2026-20188

Vulnrichment

Updated: 2026-05-06T17:46:39.036Z

NVD

Status: Awaiting Analysis

Published: 2026-05-06T17:16:21.190

Modified: 2026-05-14T17:16:19.573

Link: CVE-2026-20188

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-14T19:15:14Z

Weaknesses