New Cisco DoS flaw requires manual reboot to revive devices

Cisco released security updates to fix a Crosswork Network Controller and Network Services Orchestrator denial-of-service vulnerability that requires manually rebooting targeted systems for recovery. The software helps large enterprises and service providers manage multivendor networks with automation and orchestrate network devices and resources. Tracked as CVE-2026-20188, the high-severity flaw stems from inadequate rate limiting on incoming network connections and can be exploited remotely A successful exploit could allow an attacker to exhaust available connection resources, causing the systems to become unresponsive and resulting in a denial-of-service condition. Cisco explained that a manual reboot of the system is required to recover from this condition. The company strongly recommends that customers upgrade to the fixed software indicated in its advisory. Cisco's Product Security Incident Response Team is not aware of ongoing exploitation of the vulnerability. The flaw has not been exploited in the wild yet. Cisco has previously patched other denial-of-service vulnerabilities that were exploited in attacks, including two flaws in its ASA and FTD firewalls that forced devices into reboot loops, issues in Secure Email appliances that required manual intervention to recover, and a flaw that crashed the Border Gateway Protocol process on IOS XR routers.