CVE-2026-20102
Received Received - Intake
Reflected XSS in Cisco Secure Firewall SAML 2.0 SSO

Publication date: 2026-03-04

Last updated on: 2026-04-16

Assigner: Cisco Systems, Inc.

Description
A vulnerability in the SAML 2.0 single sign-on (SSO) feature of Cisco Secure Firewall ASA Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the SAML feature and access sensitive, browser-based information. This vulnerability is due to insufficient input validation of multiple HTTP parameters. An attacker could exploit this vulnerability by persuading a user to access a malicious link. A successful exploit could allow the attacker to conduct a reflected XSS attack through an affected device.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-04
Last Modified
2026-04-16
Generated
2026-06-16
AI Q&A
2026-03-04
EPSS Evaluated
2026-06-15
NVD
CVE-2026-20102
EUVD
EUVD-2026-9472
Affected Vendors & Products
Showing 9 associated CPEs
Vendor Product Version / Range
cisco adaptive_security_appliance_software From 9.16.1 (inc) to 9.16.4.89 (exc)
cisco adaptive_security_appliance_software From 9.17.1 (inc) to 9.18.4.71 (exc)
cisco adaptive_security_appliance_software From 9.20.1 (inc) to 9.20.4.19 (exc)
cisco adaptive_security_appliance_software From 9.22.1.1 (inc) to 9.22.2.32 (exc)
cisco adaptive_security_appliance_software From 9.23.1 (inc) to 9.23.1.26 (exc)
cisco firepower_threat_defense_software From 7.1.0 (inc) to 7.2.11 (exc)
cisco firepower_threat_defense_software From 7.0.0 (inc) to 7.0.9 (exc)
cisco firepower_threat_defense_software From 7.4.0 (inc) to 7.4.3 (exc)
cisco firepower_threat_defense_software From 7.6.0 (inc) to 10.0.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'This vulnerability is a reflected Cross-Site Scripting (XSS) issue in the SAML 2.0 single sign-on (SSO) feature of Cisco Secure Firewall ASA and Threat Defense Software. It occurs because the software does not properly validate multiple HTTP parameters used in the SAML feature.'}, {'type': 'paragraph', 'content': "An unauthenticated, remote attacker can exploit this by tricking a user into clicking a malicious link. When the user accesses this link, the attacker can execute a reflected XSS attack, which allows them to access sensitive information stored in the user's browser."}] [1]

Impact Analysis

[{'type': 'paragraph', 'content': 'If exploited, this vulnerability can allow an attacker to perform a reflected XSS attack, leading to unauthorized access to sensitive browser-based information of the user.'}, {'type': 'paragraph', 'content': "This could compromise user data confidentiality and integrity by exposing sensitive information through the victim's browser."}, {'type': 'paragraph', 'content': 'The attack requires the user to interact by clicking a malicious link, but no authentication or privileges are needed by the attacker.'}] [1]

Compliance Impact

I don't know

Detection Guidance

This vulnerability can be detected by verifying the configuration of the SAML 2.0 single sign-on (SSO) feature and related VPN settings on Cisco Secure Firewall ASA or Secure FTD devices.

  • Use the command `show webvpn saml idp` to check the SAML 2.0 Identity Provider (IdP) configuration.
  • Use the command `show running-config tunnel-group | include remote-access|webvpn-attributes|saml` to check the SAML 2.0 Service Provider (SP) configuration.
  • Use the command `show running-config` to verify remote access VPN settings, looking specifically for `crypto ikev2 enable <interface>` for IKEv2 and `webvpn enable <interface>` for SSL VPN, which indicate vulnerable configurations.
Mitigation Strategies

There are no available workarounds for this vulnerability. The immediate mitigation step is to upgrade to the fixed software releases provided by Cisco.

Cisco strongly recommends applying the software updates that remediate this issue as detailed in their security advisory.

If you do not have a direct Cisco service contract, contact Cisco TAC for assistance in obtaining the fixed software.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-20102. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart