CVE-2026-20112
Stored XSS in Cisco IOx Web Management Interface Allows Script Execution
Publication date: 2026-03-25
Last updated on: 2026-03-25
Assigner: Cisco Systems, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cisco | ios_xe | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify how this vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
This vulnerability exists in the web-based Cisco IOx application hosting environment management interface of Cisco IOS XE Software. It allows an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack against users of the web-based management interface.
The root cause is insufficient validation of user-supplied input, which enables an attacker to inject malicious code into specific pages of the interface.
If successfully exploited, the attacker can execute arbitrary script code within the context of the affected interface or access sensitive information stored in the browser.
Note that exploitation requires the attacker to have valid administrative credentials.
How can this vulnerability impact me?
This vulnerability can impact you by allowing an attacker with administrative access to execute malicious scripts within the management interface.
Such an attack could lead to unauthorized actions being performed in the interface or sensitive browser-based information being accessed or stolen.
Because the attacker must have valid administrative credentials, the risk is limited to scenarios where those credentials are compromised or misused.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
To determine whether your device is potentially vulnerable to CVE-2026-20112, check whether the Cisco IOx application hosting environment is configured on your Cisco IOS XE device.
- Use the command `show run | include iox` to verify if IOx is enabled or configured on the device.
If the output includes "iox", the device may be vulnerable and should be further assessed.
What immediate steps should I take to mitigate this vulnerability?
There are no workarounds available for this vulnerability.
Cisco strongly recommends upgrading to fixed software releases to fully remediate the issue.
Before upgrading, verify device compatibility and memory requirements.
Additionally, ensure that only trusted administrators have valid credentials to reduce the risk of exploitation.