CVE-2026-20220
Received Received - Intake
Command Injection in Cisco Crosswork Network Controller

Publication date: 2026-06-17

Last updated on: 2026-06-17

Assigner: Cisco Systems, Inc.

Description
A vulnerability in the web-based management interface of Cisco Crosswork Network Controller could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to insufficient input validation in the configuration template engine of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system in limited areas of the file system. This vulnerability affects only areas of the operating system for which the template user has write permissions.  To exploit this vulnerability, the attacker must have valid template user credentials with write permissions. Template users with read permissions cannot exploit this vulnerability. 
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-17
Last Modified
2026-06-17
Generated
2026-06-17
AI Q&A
2026-06-17
EPSS Evaluated
N/A
NVD
CVE-2026-20220
EUVD
EUVD-2026-37750
Affected Vendors & Products
Showing 5 associated CPEs
Vendor Product Version / Range
cisco crosswork_network_controller *
cisco crosswork_network_controller to 7.2 (exc)
cisco crosswork_network_controller to 7.3 (exc)
cisco crosswork_network_controller 7.1.3
cisco crosswork_network_controller 7.2.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-74 The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-20220 is a Server-Side Template Injection vulnerability in the Cisco Crosswork Network Controller's web-based management interface.

It occurs due to insufficient input validation in the configuration template engine, allowing an authenticated remote attacker with valid template user credentials (with write permissions) to execute arbitrary commands on the affected device.

The attacker can run commands on the underlying operating system but only within file system areas where the template user has write permissions. Template users with read-only access cannot exploit this vulnerability.

Impact Analysis

This vulnerability can allow an authenticated attacker with write permissions to execute arbitrary commands on the underlying operating system of the affected device.

Such command execution could lead to unauthorized changes, potential data compromise, or disruption of device operations within the areas of the file system where the template user has write access.

Detection Guidance

There are no specific detection commands or methods provided for identifying this vulnerability on your network or system.

Mitigation Strategies

To mitigate this vulnerability, you should upgrade the Cisco Crosswork Network Controller to the fixed software versions.

  • Upgrade to version 7.1.3 if you are using version 7.1 or earlier.
  • Upgrade to version 7.2.1 if you are using version 7.2.

There are no available workarounds, so applying the software update is the only effective mitigation.

Compliance Impact

The provided information does not specify how this vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-20220. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart