CVE-2026-20188
NONECisco Crosswork Network Controller and Cisco Network Services Orchestrator Connection Exhaustion Denial of Service Vulnerability
Title source: cnaDescription
Following the initial publication of the Security Advisory about a denial of service (DoS) condition in Cisco Crosswork Network Controller and Cisco Network Services Orchestrator (NSO), additional information has been made available to the Cisco Product Security Incident Response Team (PSIRT). Upon further analysis, the Cisco PSIRT has reclassified this issue as a customer-configurable, resource management issue rather than a security vulnerability.
References (1)
Core 1
Core References
Scores
CVSS v3
0.0
EPSS
0.0004
EPSS Percentile
11.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-400
Status
published
Products (50)
Cisco/Cisco Crosswork Network Change Automation
Cisco/Cisco Crosswork Network Change Automation
1.0.0
Cisco/Cisco Crosswork Network Change Automation
2.0.2
Cisco/Cisco Crosswork Network Change Automation
3.0.0
Cisco/Cisco Crosswork Network Change Automation
4.0.0
Cisco/Cisco Crosswork Network Change Automation
4.1.0
Cisco/Cisco Crosswork Network Change Automation
4.1.3
Cisco/Cisco Crosswork Network Change Automation
4.1.4
Cisco/Cisco Crosswork Network Change Automation
4.5.0
Cisco/Cisco Crosswork Network Change Automation
4.5.1
... and 40 more
Published
May 06, 2026
Tracked Since
May 06, 2026