Description
A vulnerability in the web-based management interface of Cisco Crosswork Network Controller could allow an authenticated, remote attacker to execute arbitrary commands on an affected device.

This vulnerability is due to insufficient input validation in the configuration template engine of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system in limited areas of the file system. This vulnerability affects only areas of the operating system for which the template user has write permissions. 
To exploit this vulnerability, the attacker must have valid template user credentials with write permissions. Template users with read permissions cannot exploit this vulnerability. 
Published: 2026-06-17
Score: 6.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is insufficient input validation within the web-based management interface’s configuration template engine. When an attacker sends a specially crafted request, the system interprets the data as a command, allowing execution of arbitrary shell commands on the underlying operating system. The attack is limited to filesystem paths that the authenticated template user can write to, but still permits the attacker to run any command within that scope. The weakness is listed as CWE-74.

Affected Systems

Cisco Crosswork Network Change Automation, accessed via its web-based management interface. No specific product versions are mentioned in the advisory; therefore all releases that include the vulnerable template engine may be at risk until a patch is released. The vendor explicitly targets only those template users who hold write permissions.

Risk and Exploitability

The CVSS base score of 6.3 classifies the flaw as a medium‑severity RCE. EPSS being below 1% suggests that, as of now, exploitation attempts are expected to be rare, and the vulnerability is not listed in CISA’s KEV catalog. Nonetheless, because the exploit requires valid, write‑capable template credentials, an attacker who compromises or authenticates as such a user can gain control over the device’s operating system in the areas where the user can create or modify files. Mitigation relies on command‑line privileges tied to template accounts and network segmentation.

Generated by OpenCVE AI on June 18, 2026 at 18:17 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Cisco security patch that corrects the configuration template engine.
  • Restrict template user permissions so that only read access is granted, or remove template functionality if not required.
  • If a patch is not yet available, limit external access to the web-based management interface and enforce strict internal network controls.
  • Continuously monitor Cisco advisories and apply subsequent updates promptly.

Generated by OpenCVE AI on June 18, 2026 at 18:17 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 19 Jun 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Cisco
Cisco crosswork Network Automation
Vendors & Products Cisco
Cisco crosswork Network Automation

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Description A vulnerability in the web-based management interface of Cisco Crosswork Network Controller could allow an&nbsp;authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to insufficient input validation in the configuration&nbsp;template engine of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system in limited areas of the file system. This vulnerability affects only areas of the operating system for which the template user has write permissions.&nbsp; To exploit this vulnerability, the attacker must have valid template user credentials with write permissions. Template users with read permissions cannot exploit this vulnerability.&nbsp;
Title Cisco Crosswork Network Controller Remote Code Execution Vulnerability
Weaknesses CWE-74
References
Metrics cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Subscriptions

Cisco Crosswork Network Automation
cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2026-06-17T17:16:59.052Z

Reserved: 2025-10-08T11:59:15.398Z

Link: CVE-2026-20220

cve-icon Vulnrichment

Updated: 2026-06-17T17:16:54.335Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-19T09:30:16Z

Weaknesses
  • CWE-74

    Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')