CVE-2026-20132
Received Received - Intake
Stored and Reflected XSS in Cisco ISE Web Management Interface

Publication date: 2026-04-15

Last updated on: 2026-04-15

Assigner: Cisco Systems, Inc.

Description
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative write privileges to conduct a stored cross-site scripting (XSS) attack or a reflected XSS attack against a user of the web-based management interface of an affected device. These vulnerabilities are due to insufficient sanitization of user-supplied data that is stored in the web page. An attacker could exploit these vulnerabilities by convincing a user of the interface to click a specific link or view an affected web page. The injected script code may be executed in the context of the web-based management interface or allow the attacker to access sensitive browser-based information.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-15
Last Modified
2026-04-15
Generated
2026-06-16
AI Q&A
2026-04-15
EPSS Evaluated
2026-06-14
NVD
CVE-2026-20132
EUVD
EUVD-2026-22958
Affected Vendors & Products
Showing 6 associated CPEs
Vendor Product Version / Range
cisco identity_services_engine to 3.2_patch_8 (exc)
cisco identity_services_engine 3.2_patch_8
cisco identity_services_engine 3.3_patch_5
cisco identity_services_engine 3.4_patch_2
cisco identity_services_engine to 3.5 (exc)
cisco identity_services_engine *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not specify how the vulnerabilities in Cisco Identity Services Engine (ISE) impact compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2026-20132 involves multiple cross-site scripting (XSS) vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE).

These vulnerabilities occur because the system does not properly sanitize user-supplied data that is stored and displayed on web pages.

An authenticated remote attacker with administrative write privileges can exploit these flaws by convincing a user to click a specially crafted link or view a malicious web page, which causes malicious script code to execute within the context of the management interface.

This can lead to unauthorized access to sensitive browser-based information or other malicious actions within the interface.

Impact Analysis

If exploited, this vulnerability can allow an attacker to execute malicious scripts in the context of the Cisco ISE web-based management interface.

This may result in unauthorized access to sensitive information stored in the browser or manipulation of the interface's behavior.

Because the attacker needs administrative write privileges and user interaction, the risk is somewhat limited but still significant.

The vulnerability impacts confidentiality and integrity partially but does not affect availability.

Detection Guidance

This vulnerability involves stored and reflected cross-site scripting (XSS) in the web-based management interface of Cisco Identity Services Engine (ISE) and requires an authenticated attacker with administrative write privileges. Detection typically involves monitoring for suspicious or unexpected script injections in the web interface or unusual user interactions that could indicate exploitation attempts.

However, no specific detection commands or automated detection methods are provided in the available information.

Mitigation Strategies

The only effective mitigation for this vulnerability is to upgrade Cisco Identity Services Engine (ISE) to the fixed software releases.

  • Upgrade to Cisco ISE version 3.2 Patch 8 or later.
  • Upgrade to Cisco ISE version 3.3 Patch 5 or later.
  • Upgrade to Cisco ISE version 3.4 Patch 2 or later.
  • Alternatively, use Cisco ISE version 3.5, which is not vulnerable.

No workarounds exist, so upgrading is strongly recommended. For detailed upgrade instructions, consult Cisco’s support pages or contact Cisco TAC.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-20132. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart