Cisco has disclosed a high-severity vulnerability affecting its network management platforms, Cisco Crosswork Network Controller and Cisco Network Services Orchestrator, which could allow remote attackers to crash vulnerable systems by exhausting their available connection resources.
The security issue, tracked as CVE-2026-20188, carries a CVSS score of 7.5. According to Cisco, the flaw can be exploited remotely without authentication, meaning an attacker does not need valid credentials or prior access to interfere with affected servers.
At the center of the problem is how the platforms manage incoming network connections. Cisco explained that the affected software does not properly control or restrict the rate of connection requests sent to the server. Because of this weakness, a malicious actor can continuously bombard the system with repeated requests until all available connection resources are consumed.
Once the systems run out of resources, both Cisco CNC and NSO can stop responding entirely. Administrators may lose access to management interfaces, while network operations that depend on these platforms can experience abrupt disruption.
Unlike temporary service slowdowns, the systems do not automatically recover after the overload occurs. Cisco stated that administrators must manually reboot the affected platforms to clear the exhausted resources and restore normal operations.
The company internally tracks the issue under Bug ID CSCwr08237. Cisco said the flaw originates from the connection-handling mechanisms used within both products.
Denial-of-service vulnerabilities of this kind are often disruptive because they target system availability rather than data theft. In enterprise environments, orchestration and network control platforms are responsible for coordinating automated processes, monitoring infrastructure, and managing service delivery across large networks. If these systems become unreachable, organizations can temporarily lose visibility into network operations and automated workflows.
Cisco is urging organizations using these products to immediately review their software versions and determine whether their environments are exposed.
For Cisco Crosswork Network Controller, the vulnerability affects version 7.1 and all earlier releases. Cisco confirmed that version 7.2 is not impacted, making upgrades necessary for organizations still operating older deployments.
The issue also affects several release branches of Cisco Network Services Orchestrator. Systems running version 6.3 or earlier remain vulnerable and require immediate updates. Cisco further confirmed that the flaw exists within the 6.4 release branch, although the issue was corrected beginning with version 6.4.1.3. Organizations operating NSO version 6.5 or later are not affected.
Cisco discovered the vulnerability internally while handling a routine Technical Assistance Center support case. At this time, the company’s Product Security Incident Response Team said it has not observed public proof-of-concept exploit code or evidence showing active attacks targeting the flaw.
Even so, the company warned that customers cannot rely on temporary mitigations to reduce exposure. Cisco stated there are currently no workarounds capable of preventing the resource exhaustion issue without affecting legitimate system functionality. Because of this, upgrading to patched software releases remains the only available method for fully securing vulnerable environments.
Security professionals have increasingly warned that resource exhaustion attacks continue to pose operational risks for enterprises because they can interrupt business-critical infrastructure without requiring sophisticated intrusion techniques. Attackers often exploit weaknesses in traffic handling, connection management, or request validation to overwhelm services and force outages.
Cisco is advising affected customers to schedule maintenance windows and deploy the recommended updates as quickly as possible to reduce the risk of service interruptions and administrative lockouts.
