What is CVE-2026-20220?

CVE-2026-20220 is a medium-severity vulnerability in Cisco Crosswork Network Change Automation, classified under Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection). CVSS score: 6.3/10. Published 2026-06-17.

How severe is CVE-2026-20220?

Medium severity. CVSS v3 base score is 6.3 out of 10.

Vulnerability in Cisco Crosswork Network Change Automation

CVE-2026-20220

A vulnerability in the web-based management interface of Cisco Crosswork Network Controller could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to insufficien…

CVSS v3 metric

CVSS v3 base score 6.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L.

Affected products

Cisco Crosswork Network Change Automation — versions 3.0.0, 3.0.1, 1.0.0

Weakness classification (CWE)

CWE-74 — Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection)

References

psirt@cisco.com

Frequently asked questions

What is CVE-2026-20220?: CVE-2026-20220 is a medium-severity vulnerability in Cisco Crosswork Network Change Automation, classified under Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection). CVSS score: 6.3/10. Published 2026-06-17.
How severe is CVE-2026-20220?: Medium severity. CVSS v3 base score is 6.3 out of 10.