The Crosswork Network Controller (CNC) and Network Services Orchestrator (NSO) were found vulnerable to a high-severity DoS vulnerability tracked as CVE-2026-20188.According to Cisco, the issue exists because rate-limiting on incoming network connections was not properly implemented, allowing a remote, unauthenticated attacker to send a large number of connection requests to a vulnerable system and exhaust resources.The fifth high-severity bug, tracked as CVE-2026-20167, was addressed in the web interface of IoT Field Network Director. Due to improper error handling, the weakness allows attackers to submit crafted input and cause the router to reload, leading to a DoS condition.On Wednesday, Cisco also resolved seven medium-severity vulnerabilities in IoT Field Network Director, Slido, Prime Infrastructure, Identity Services Engine (ISE), and Enterprise Chat and Email (ECE).The bugs could lead to file reads, command execution, information disclosure, arbitrary log file downloads, and browser-based attacks.Cisco says it is not aware of any of these vulnerabilities being exploited in the wild. Additional information can be found on the company’ssecurity advisoriespage.Related:Apple Patches iOS Flaw Allowing Recovery of Deleted ChatsRelated:Oracle Patches 450 Vulnerabilities With April 2026 CPURelated:Progress Patches Multiple Vulnerabilities in MOVEit WAF, LoadMasterRelated:Splunk Enterprise Update Patches Code Execution Vulnerability
According to Cisco, the issue exists because rate-limiting on incoming network connections was not properly implemented, allowing a remote, unauthenticated attacker to send a large number of connection requests to a vulnerable system and exhaust resources.The fifth high-severity bug, tracked as CVE-2026-20167, was addressed in the web interface of IoT Field Network Director. Due to improper error handling, the weakness allows attackers to submit crafted input and cause the router to reload, leading to a DoS condition.On Wednesday, Cisco also resolved seven medium-severity vulnerabilities in IoT Field Network Director, Slido, Prime Infrastructure, Identity Services Engine (ISE), and Enterprise Chat and Email (ECE).The bugs could lead to file reads, command execution, information disclosure, arbitrary log file downloads, and browser-based attacks.Cisco says it is not aware of any of these vulnerabilities being exploited in the wild. Additional information can be found on the company’ssecurity advisoriespage.Related:Apple Patches iOS Flaw Allowing Recovery of Deleted ChatsRelated:Oracle Patches 450 Vulnerabilities With April 2026 CPURelated:Progress Patches Multiple Vulnerabilities in MOVEit WAF, LoadMasterRelated:Splunk Enterprise Update Patches Code Execution Vulnerability
The fifth high-severity bug, tracked as CVE-2026-20167, was addressed in the web interface of IoT Field Network Director. Due to improper error handling, the weakness allows attackers to submit crafted input and cause the router to reload, leading to a DoS condition.On Wednesday, Cisco also resolved seven medium-severity vulnerabilities in IoT Field Network Director, Slido, Prime Infrastructure, Identity Services Engine (ISE), and Enterprise Chat and Email (ECE).The bugs could lead to file reads, command execution, information disclosure, arbitrary log file downloads, and browser-based attacks.Cisco says it is not aware of any of these vulnerabilities being exploited in the wild. Additional information can be found on the company’ssecurity advisoriespage.Related:Apple Patches iOS Flaw Allowing Recovery of Deleted ChatsRelated:Oracle Patches 450 Vulnerabilities With April 2026 CPURelated:Progress Patches Multiple Vulnerabilities in MOVEit WAF, LoadMasterRelated:Splunk Enterprise Update Patches Code Execution Vulnerability
On Wednesday, Cisco also resolved seven medium-severity vulnerabilities in IoT Field Network Director, Slido, Prime Infrastructure, Identity Services Engine (ISE), and Enterprise Chat and Email (ECE).The bugs could lead to file reads, command execution, information disclosure, arbitrary log file downloads, and browser-based attacks.Cisco says it is not aware of any of these vulnerabilities being exploited in the wild. Additional information can be found on the company’ssecurity advisoriespage.Related:Apple Patches iOS Flaw Allowing Recovery of Deleted ChatsRelated:Oracle Patches 450 Vulnerabilities With April 2026 CPURelated:Progress Patches Multiple Vulnerabilities in MOVEit WAF, LoadMasterRelated:Splunk Enterprise Update Patches Code Execution Vulnerability
The bugs could lead to file reads, command execution, information disclosure, arbitrary log file downloads, and browser-based attacks.Cisco says it is not aware of any of these vulnerabilities being exploited in the wild. Additional information can be found on the company’ssecurity advisoriespage.Related:Apple Patches iOS Flaw Allowing Recovery of Deleted ChatsRelated:Oracle Patches 450 Vulnerabilities With April 2026 CPURelated:Progress Patches Multiple Vulnerabilities in MOVEit WAF, LoadMasterRelated:Splunk Enterprise Update Patches Code Execution Vulnerability
Cisco says it is not aware of any of these vulnerabilities being exploited in the wild. Additional information can be found on the company’ssecurity advisoriespage.Related:Apple Patches iOS Flaw Allowing Recovery of Deleted ChatsRelated:Oracle Patches 450 Vulnerabilities With April 2026 CPURelated:Progress Patches Multiple Vulnerabilities in MOVEit WAF, LoadMasterRelated:Splunk Enterprise Update Patches Code Execution Vulnerability
Related:Apple Patches iOS Flaw Allowing Recovery of Deleted ChatsRelated:Oracle Patches 450 Vulnerabilities With April 2026 CPURelated:Progress Patches Multiple Vulnerabilities in MOVEit WAF, LoadMasterRelated:Splunk Enterprise Update Patches Code Execution Vulnerability
Related:Oracle Patches 450 Vulnerabilities With April 2026 CPURelated:Progress Patches Multiple Vulnerabilities in MOVEit WAF, LoadMasterRelated:Splunk Enterprise Update Patches Code Execution Vulnerability
Related:Progress Patches Multiple Vulnerabilities in MOVEit WAF, LoadMasterRelated:Splunk Enterprise Update Patches Code Execution Vulnerability
Related:Splunk Enterprise Update Patches Code Execution Vulnerability
Source: SecurityWeek
