2026年5月7日の
セキュリティ情報

Subject: [Security Advisory] Cisco CNC/NSO DoS Vulnerability (CVE-2026-20188)

Dear IT Operations and Security Team,

We are sharing critical information regarding a vulnerability in Cisco products.

■ Overview
A Denial of Service (DoS) vulnerability (CVE-2026-20188) has been discovered in Cisco Crosswork Network Controller (CNC) and Network Services Orchestrator (NSO). An unauthenticated remote attacker can exhaust system resources, rendering the system unresponsive until a manual reboot is performed by an administrator.

■ Affected Scope
- Cisco Crosswork Network Controller (CNC) versions 7.1 and below
- Certain versions of Cisco Network Services Orchestrator (NSO) 6.4
*CNC 7.2 and NSO 6.5 are not affected.

■ Remediation Steps
1. Verify the current version of CNC/NSO in use.
2. For NSO 6.4 users, update to version 6.4.1.3.
3. For users of other affected versions, upgrade to the latest patched release.

■ Reference
- Please refer to the official Cisco Security Advisory.

Priority: High
Deadline: Immediate action recommended

Subject: [Security Alert] Potential Data Breach in Instructure Canvas LMS

Dear IT Security Team,

We are sharing information regarding a reported data breach affecting the Canvas Learning Management System (LMS).

■ Overview
The threat actor 'ShinyHunters' claims to have exfiltrated data from 8,809 educational institutions by exploiting Canvas's API and data export functionalities. The leaked data reportedly includes names, emails, and internal messages of students and staff.

■ Scope
- All organizations utilizing Instructure Canvas LMS.

■ Recommended Actions
1. Review audit logs for any unauthorized API key generation or anomalous bulk data export activities.
2. Enforce password resets and Multi-Factor Authentication (MFA) for all administrative accounts.
3. Audit permissions for integrated SaaS platforms and SSO configurations.

■ Reference
- Official Instructure advisory (Pending)

Priority: High
Deadline: Immediate