Skip to main content

Cisco CVE-2026-20112

| EUVDEUVD-2026-15442 MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2026-03-25 cisco
4.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.8 MEDIUM
AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

3
EUVD ID Assigned
Mar 25, 2026 - 16:16 euvd
EUVD-2026-15442
Analysis Generated
Mar 25, 2026 - 16:16 vuln.today
CVE Published
Mar 25, 2026 - 16:08 nvd
MEDIUM 4.8

DescriptionCVE.org

A vulnerability in the web-based Cisco IOx application hosting environment management interface of Cisco IOS XE Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid administrative credentials.

AnalysisAI

A stored cross-site scripting (XSS) vulnerability exists in the web-based Cisco IOx application hosting environment management interface within Cisco IOS XE Software, allowing authenticated remote attackers with administrative credentials to inject malicious scripts that execute in the context of other users' browser sessions. Successful exploitation enables arbitrary script execution and access to sensitive browser-based information affecting a wide range of Cisco IOS XE versions from 16.6.1 through 17.18.1a. This vulnerability requires valid administrative credentials and user interaction but poses a significant risk in multi-administrator environments where privilege escalation or lateral movement could occur.

Technical ContextAI

The vulnerability resides in the IOx application hosting environment management interface, a web-based administrative portal integrated into Cisco IOS XE Software (CPE: cpe:2.3:a:cisco:cisco_ios_xe_software). The root cause is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation), indicating insufficient input validation and output encoding on specific interface pages. The IOx subsystem is Cisco's lightweight virtualization platform for running containerized applications on IOS XE devices. When user-supplied input is not properly sanitized before being stored in the application database and subsequently rendered in HTML responses, an attacker can craft malicious payloads that persist and execute whenever other authenticated users access the affected pages. The vulnerability affects the web interface served by the IOS XE management plane, not the underlying routing or switching functions.

RemediationAI

Upgrade Cisco IOS XE Software to a patched version released after the vulnerability disclosure date; consult the official Cisco security advisory at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-xss-LpGkzwtJ for specific patched version numbers corresponding to your release train. Until patching is possible, implement the following compensating controls: restrict administrative web interface access via network access control lists (ACLs) to trusted administrative networks only; enforce HTTPS with valid certificates and implement HTTP Strict-Transport-Security (HSTS) headers; disable the IOx application hosting feature if not in use; implement strong multi-factor authentication (MFA) for all administrative accounts to reduce the likelihood of credential compromise; monitor access logs for suspicious administrative activities or XSS payload signatures; and consider deploying a reverse proxy or WAF in front of the management interface to filter and sanitize HTTP requests. Regular patching of IOS XE software should be included in the standard maintenance window schedule to prevent accumulation of known vulnerabilities.

Share

CVE-2026-20112 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy