SB2026061769 - Server-side template injection in Cisco Crosswork Network Controller

Description

This security bulletin contains information about 1 vulnerability.

1) Improper Neutralization of Special Elements in Output Used by a Downstream Component (CVE-ID: CVE-2026-20220)

CWE-ID: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote user to execute arbitrary commands.

The vulnerability exists due to insufficient input validation in the configuration template engine of the web-based management interface when handling crafted requests. A remote user can send a crafted request to execute arbitrary commands.

Command execution is limited to areas of the underlying operating system file system for which the template user has write permissions. Template users with read permissions cannot exploit this vulnerability.

Remediation

Install update from vendor's website.

References

• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cnc-inj-QNMeEmxk
• https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwt44379