CVE-2026-20132
Stored and Reflected XSS in Cisco ISE Web Management Interface
Publication date: 2026-04-15
Last updated on: 2026-04-15
Assigner: Cisco Systems, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cisco | identity_services_engine | to 3.2_patch_8 (exc) |
| cisco | identity_services_engine | 3.2_patch_8 |
| cisco | identity_services_engine | 3.3_patch_5 |
| cisco | identity_services_engine | 3.4_patch_2 |
| cisco | identity_services_engine | to 3.5 (exc) |
| cisco | identity_services_engine | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-20132 involves multiple cross-site scripting (XSS) vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE).
These vulnerabilities occur because the system does not properly sanitize user-supplied data that is stored and displayed on web pages.
An authenticated remote attacker with administrative write privileges can exploit these flaws by convincing a user to click a specially crafted link or view a malicious web page, which causes malicious script code to execute within the context of the management interface.
This can lead to unauthorized access to sensitive browser-based information or other malicious actions within the interface.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves stored and reflected cross-site scripting (XSS) in the web-based management interface of Cisco Identity Services Engine (ISE) and requires an authenticated attacker with administrative write privileges. Detection typically involves monitoring for suspicious or unexpected script injections in the web interface or unusual user interactions that could indicate exploitation attempts.
However, no specific detection commands or automated detection methods are provided in the available information.
What immediate steps should I take to mitigate this vulnerability?
The only effective mitigation for this vulnerability is to upgrade Cisco Identity Services Engine (ISE) to the fixed software releases.
- Upgrade to Cisco ISE version 3.2 Patch 8 or later.
- Upgrade to Cisco ISE version 3.3 Patch 5 or later.
- Upgrade to Cisco ISE version 3.4 Patch 2 or later.
- Alternatively, use Cisco ISE version 3.5, which is not vulnerable.
No workarounds exist, so upgrading is strongly recommended. For detailed upgrade instructions, consult Ciscoβs support pages or contact Cisco TAC.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify how the vulnerabilities in Cisco Identity Services Engine (ISE) impact compliance with common standards and regulations such as GDPR or HIPAA.
How can this vulnerability impact me? :
If exploited, this vulnerability can allow an attacker to execute malicious scripts in the context of the Cisco ISE web-based management interface.
This may result in unauthorized access to sensitive information stored in the browser or manipulation of the interface's behavior.
Because the attacker needs administrative write privileges and user interaction, the risk is somewhat limited but still significant.
The vulnerability impacts confidentiality and integrity partially but does not affect availability.