Medium6.3Cisco Updated
Cisco Crosswork Network Controller Server-Side Template Injection Vulnerability
cisco-sa-cnc-inj-QNMeEmxk Published Jun 17, 2026Updated by vendor Jun 17, 2026
CVE-2026-20220
Affected products & platforms
CiscoUnclassified
Summary
A vulnerability in the web-based management interface of Cisco Crosswork Network Controller could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to insufficient input validation in the configuration template engine of the web-based management interface.
Affected versions
- Scope: At the time of publication, this vulnerability affected Cisco Crosswork Network Controller, regardless of device configuration.
- Release 7.1 and earlier (first fixed: 7.1.3)
- Release 7.2 (first fixed: 7.2.1)
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Fixed versions
- 7.1.3
- 7.2.1
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Mitigation checklist
Recommended fix / mitigation
- Upgrade to the first fixed release for your train per the Fixed Releases table in this advisory.
- Release 7.1 and earlier: upgrade to 7.1.3.
- Release 7.2: upgrade to 7.2.1.
Temporary workarounds
- There are no workarounds that address this vulnerability.
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.