CISCO Security Advisory
Published Date: June 17, 2026
CVE: CVE-2026-20220
Advisory Summary
⬢ Cisco Crosswork Network Controller Server-Side Template Injection Vulnerability
A medium-severity vulnerability (CVE-2026-20220) has been identified in the web-based management interface of Cisco Crosswork Network Controller. The root cause lies in insufficient input validation within the configuration template engine. This flaw could allow a malicious, authenticated remote attacker—who possesses template user credentials with write permissions—to execute arbitrary commands on the underlying operating system, impacting specific writable file system areas.
It is important to note that this vulnerability is inaccessible to users with read-only permissions and requires valid credentials with write access, thus limiting exposure but underscoring the importance of strict access control and credential management.
Cisco has promptly issued software updates to remediate this vulnerability. No temporary workarounds are available, making timely patching essential to prevent possible exploitation.
IT infrastructure teams managing Cisco Crosswork Network Controller environments should prioritize the deployment of these security updates and audit template user permissions to mitigate associated risks.
⚠️ Security Impact: Medium
🛡 CVE Identifier: CVE-2026-20220
-2026-20220
Reference: Vendor Advisory