VYPR
Medium severity · 4.8 · NVD Advisory · Published Apr 15, 2026 · Updated Apr 17, 2026

CVE-2026-20132

Description

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative write privileges to conduct a stored cross-site scripting (XSS) attack or a reflected XSS attack against a user of the web-based management interface of an affected device.

These vulnerabilities are due to insufficient sanitization of user-supplied data that is stored in the web page. An attacker could exploit these vulnerabilities by convincing a user of the interface to click a specific link or view an affected web page. The injected script code may be executed in the context of the web-based management interface or allow the attacker to access sensitive browser-based information.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

The Cisco ISE web-based management interface insufficiently sanitizes user-supplied input, allowing authenticated administrators to conduct stored or reflected XSS attacks against other users of the interface.

Vulnerability

Overview

CVE-2026-20132 describes multiple cross-site scripting (XSS) vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE). The root cause is insufficient sanitization of user-supplied data that is stored in web pages [1]. This flaw affects all configurations of Cisco ISE [1].

Exploitation

Prerequisites

An attacker must have authenticated, remote access to the web interface with administrative write privileges. The attack requires convincing another user (such as a fellow admin) to click a specific link or view an affected web page [1]. Both stored XSS (persistent injection into stored data) and reflected XSS (via crafted links) are possible.

Impact

Successful exploitation allows the attacker to execute arbitrary JavaScript in the context of the victim's browser session. This could lead to interface manipulation or access to sensitive browser-based information, potentially compromising administrative operations [1]. Cisco ISE Passive Identity Connector (ISE-PIC) is not affected [1].

Mitigation

Cisco has released fixed software updates that address these vulnerabilities. No workarounds are available [1]. Administrators should upgrade to patched versions as soon as possible.
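The following Python is an added illustration of the flaw class the advisory describes, not Cisco's code and not derived from ISE internals: a stored-data rendering path and a reflected query-parameter path, each shown unsanitized and then with contextual HTML escaping, plus a small parser-based audit that reports which renderer lets raw elements or event-handler attributes reach the page. The field name, sample stored value and query string are constructed for the example.

```python
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs

# Constructed sample input (hypothetical field name, not an ISE field):
# a description an administrator with write privileges saved through the UI.
STORED_DESCRIPTION = 'Guest portal <img src=x onerror="alert(1)">'
# Constructed sample query string for the reflected path.
REFLECTED_QUERY = "q=%22%3E%3Cscript%3Ealert(1)%3C/script%3E"


def render_vulnerable(description: str) -> str:
    """Stored path, flawed: interpolates the stored value straight into HTML."""
    return f"<td>{description}</td>"


def render_fixed(description: str) -> str:
    """Stored path, corrected: HTML-escape the value at output time."""
    return f"<td>{html.escape(description, quote=True)}</td>"


def render_search_vulnerable(query_string: str) -> str:
    """Reflected path, flawed: echoes a URL parameter into an attribute unencoded."""
    term = parse_qs(query_string).get("q", [""])[0]
    return f'<input name="q" value="{term}">'


def render_search_fixed(query_string: str) -> str:
    """Reflected path, corrected: attribute-context escaping (quotes included)."""
    term = parse_qs(query_string).get("q", [""])[0]
    return f'<input name="q" value="{html.escape(term, quote=True)}">'


class MarkupAudit(HTMLParser):
    """Records every element name and every on* event-handler attribute parsed."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: list[str] = []
        self.handlers: list[str] = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.handlers += [name for name, _ in attrs if name.startswith("on")]


def audit(rendered: str) -> tuple[list[str], list[str]]:
    """Returns (element names, event-handler attributes) found in rendered HTML."""
    parser = MarkupAudit()
    parser.feed(rendered)
    parser.close()
    return parser.tags, parser.handlers
```

Only the intended `td` and `input` elements survive the escaped renderers; the unescaped ones additionally yield an `img` with an `onerror` handler and a `script` element, which is exactly what an output-encoding review should flag.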

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
