CVE-2026-20112
Received Received - Intake
Stored XSS in Cisco IOx Web Management Interface Allows Script Execution

Publication date: 2026-03-25

Last updated on: 2026-03-25

Assigner: Cisco Systems, Inc.

Description
A vulnerability in the web-based Cisco IOx application hosting environment management interface of Cisco IOS XE Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid administrative credentials.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-25
Last Modified
2026-03-25
Generated
2026-06-16
AI Q&A
2026-03-25
EPSS Evaluated
2026-06-15
NVD
CVE-2026-20112
EUVD
EUVD-2026-15442
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
cisco ios_xe *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the web-based Cisco IOx application hosting environment management interface of Cisco IOS XE Software. It allows an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack against users of the web-based management interface.

The root cause is insufficient validation of user-supplied input, which enables an attacker to inject malicious code into specific pages of the interface.

If successfully exploited, the attacker can execute arbitrary script code within the context of the affected interface or access sensitive information stored in the browser.

Note that exploitation requires the attacker to have valid administrative credentials.

Impact Analysis

This vulnerability can impact you by allowing an attacker with administrative access to execute malicious scripts within the management interface.

Such an attack could lead to unauthorized actions being performed in the interface or sensitive browser-based information being accessed or stolen.

Because the attacker must have valid administrative credentials, the risk is limited to scenarios where those credentials are compromised or misused.

Compliance Impact

The provided information does not specify how this vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.

Detection Guidance

To detect if your device is potentially vulnerable to CVE-2026-20112, you can check if the Cisco IOx application hosting environment is configured on your Cisco IOS XE device.

  • Use the command `show run | include iox` to verify if IOx is enabled or configured on the device.

If the output includes "iox", the device may be vulnerable and should be further assessed.

Mitigation Strategies

There are no workarounds available for this vulnerability.

Cisco strongly recommends upgrading to fixed software releases to fully remediate the issue.

Before upgrading, verify device compatibility and memory requirements.

Additionally, ensure that only trusted administrators have valid credentials to reduce the risk of exploitation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-20112. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart