Cisco IOS XE XSS in Web-Based Management Interface
CVE-2026-20112 Published on March 25, 2026
A vulnerability in the web-based Cisco IOx application hosting environment management interface of Cisco IOS XE Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid administrative credentials.
Vulnerability Analysis
CVE-2026-20112 is exploitable with network access, requires user interaction and user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.
Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
HIGH
User Interaction:
REQUIRED
Scope:
CHANGED
Confidentiality Impact:
LOW
Integrity Impact:
LOW
Availability Impact:
NONE
Weakness Type
What is a XSS Vulnerability?
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CVE-2026-20112 has been classified to as a XSS vulnerability or weakness.
Products Associated with CVE-2026-20112
Want to know whenever a new CVE is published for Cisco IOS XE? stack.watch will email you.
Affected Versions
Cisco IOS XE Software:- Version 16.6.1 is affected.
- Version 16.6.2 is affected.
- Version 16.6.3 is affected.
- Version 16.6.4 is affected.
- Version 16.6.5 is affected.
- Version 16.6.4a is affected.
- Version 16.6.5a is affected.
- Version 16.6.6 is affected.
- Version 16.6.7 is affected.
- Version 16.6.8 is affected.
- Version 16.6.9 is affected.
- Version 16.6.10 is affected.
- Version 16.7.1 is affected.
- Version 16.7.1a is affected.
- Version 16.7.1b is affected.
- Version 16.7.2 is affected.
- Version 16.7.3 is affected.
- Version 16.7.4 is affected.
- Version 16.8.1 is affected.
- Version 16.8.1a is affected.
- Version 16.8.1b is affected.
- Version 16.8.1s is affected.
- Version 16.8.1c is affected.
- Version 16.8.1d is affected.
- Version 16.8.2 is affected.
- Version 16.8.1e is affected.
- Version 16.8.3 is affected.
- Version 16.9.1 is affected.
- Version 16.9.2 is affected.
- Version 16.9.1a is affected.
- Version 16.9.1b is affected.
- Version 16.9.1s is affected.
- Version 16.9.3 is affected.
- Version 16.9.4 is affected.
- Version 16.9.5 is affected.
- Version 16.9.5f is affected.
- Version 16.9.6 is affected.
- Version 16.9.7 is affected.
- Version 16.9.8 is affected.
- Version 16.10.1 is affected.
- Version 16.10.1a is affected.
- Version 16.10.1b is affected.
- Version 16.10.1s is affected.
- Version 16.10.1c is affected.
- Version 16.10.1e is affected.
- Version 16.10.1d is affected.
- Version 16.10.2 is affected.
- Version 16.10.1f is affected.
- Version 16.10.1g is affected.
- Version 16.10.3 is affected.
- Version 16.11.1 is affected.
- Version 16.11.1a is affected.
- Version 16.11.1b is affected.
- Version 16.11.2 is affected.
- Version 16.11.1s is affected.
- Version 16.12.1 is affected.
- Version 16.12.1s is affected.
- Version 16.12.1a is affected.
- Version 16.12.1c is affected.
- Version 16.12.1w is affected.
- Version 16.12.2 is affected.
- Version 16.12.1y is affected.
- Version 16.12.2a is affected.
- Version 16.12.3 is affected.
- Version 16.12.8 is affected.
- Version 16.12.2s is affected.
- Version 16.12.1x is affected.
- Version 16.12.1t is affected.
- Version 16.12.4 is affected.
- Version 16.12.3s is affected.
- Version 16.12.3a is affected.
- Version 16.12.4a is affected.
- Version 16.12.5 is affected.
- Version 16.12.6 is affected.
- Version 16.12.1z1 is affected.
- Version 16.12.5a is affected.
- Version 16.12.5b is affected.
- Version 16.12.1z2 is affected.
- Version 16.12.6a is affected.
- Version 16.12.7 is affected.
- Version 16.12.10a is affected.
- Version 16.12.11 is affected.
- Version 17.1.1 is affected.
- Version 17.1.1a is affected.
- Version 17.1.1s is affected.
- Version 17.1.1t is affected.
- Version 17.1.3 is affected.
- Version 17.2.1 is affected.
- Version 17.2.1r is affected.
- Version 17.2.1a is affected.
- Version 17.2.1v is affected.
- Version 17.2.2 is affected.
- Version 17.2.3 is affected.
- Version 17.3.1 is affected.
- Version 17.3.2 is affected.
- Version 17.3.3 is affected.
- Version 17.3.1a is affected.
- Version 17.3.1w is affected.
- Version 17.3.2a is affected.
- Version 17.3.1x is affected.
- Version 17.3.1z is affected.
- Version 17.3.4 is affected.
- Version 17.3.5 is affected.
- Version 17.3.4a is affected.
- Version 17.3.6 is affected.
- Version 17.3.4b is affected.
- Version 17.3.4c is affected.
- Version 17.3.5a is affected.
- Version 17.3.5b is affected.
- Version 17.3.7 is affected.
- Version 17.3.8 is affected.
- Version 17.3.8a is affected.
- Version 17.4.1 is affected.
- Version 17.4.2 is affected.
- Version 17.4.1a is affected.
- Version 17.4.1b is affected.
- Version 17.4.2a is affected.
- Version 17.5.1 is affected.
- Version 17.5.1a is affected.
- Version 17.6.1 is affected.
- Version 17.6.2 is affected.
- Version 17.6.1w is affected.
- Version 17.6.1a is affected.
- Version 17.6.1x is affected.
- Version 17.6.3 is affected.
- Version 17.6.1y is affected.
- Version 17.6.1z is affected.
- Version 17.6.3a is affected.
- Version 17.6.4 is affected.
- Version 17.6.1z1 is affected.
- Version 17.6.5 is affected.
- Version 17.6.6 is affected.
- Version 17.6.6a is affected.
- Version 17.6.5a is affected.
- Version 17.6.7 is affected.
- Version 17.6.8 is affected.
- Version 17.6.8a is affected.
- Version 17.7.1 is affected.
- Version 17.7.1a is affected.
- Version 17.7.1b is affected.
- Version 17.7.2 is affected.
- Version 17.10.1 is affected.
- Version 17.10.1a is affected.
- Version 17.10.1b is affected.
- Version 17.8.1 is affected.
- Version 17.8.1a is affected.
- Version 17.9.1 is affected.
- Version 17.9.1w is affected.
- Version 17.9.2 is affected.
- Version 17.9.1a is affected.
- Version 17.9.1x is affected.
- Version 17.9.1y is affected.
- Version 17.9.3 is affected.
- Version 17.9.2a is affected.
- Version 17.9.1x1 is affected.
- Version 17.9.3a is affected.
- Version 17.9.4 is affected.
- Version 17.9.1y1 is affected.
- Version 17.9.5 is affected.
- Version 17.9.4a is affected.
- Version 17.9.5a is affected.
- Version 17.9.5b is affected.
- Version 17.9.6 is affected.
- Version 17.9.6a is affected.
- Version 17.9.7 is affected.
- Version 17.9.5e is affected.
- Version 17.9.5f is affected.
- Version 17.9.8 is affected.
- Version 17.9.7a is affected.
- Version 17.9.7b is affected.
- Version 17.11.1 is affected.
- Version 17.11.1a is affected.
- Version 17.12.1 is affected.
- Version 17.12.1w is affected.
- Version 17.12.1a is affected.
- Version 17.12.1x is affected.
- Version 17.12.2 is affected.
- Version 17.12.3 is affected.
- Version 17.12.2a is affected.
- Version 17.12.1y is affected.
- Version 17.12.1z is affected.
- Version 17.12.4 is affected.
- Version 17.12.3a is affected.
- Version 17.12.1z1 is affected.
- Version 17.12.1z2 is affected.
- Version 17.12.4a is affected.
- Version 17.12.5 is affected.
- Version 17.12.4b is affected.
- Version 17.12.1z3 is affected.
- Version 17.12.5a is affected.
- Version 17.12.1z4 is affected.
- Version 17.12.6 is affected.
- Version 17.12.5b is affected.
- Version 17.12.5c is affected.
- Version 17.12.6a is affected.
- Version 17.12.5d is affected.
- Version 17.12.1z5 is affected.
- Version 17.12.1z6 is affected.
- Version 17.12.6b is affected.
- Version 17.13.1 is affected.
- Version 17.13.1a is affected.
- Version 17.14.1 is affected.
- Version 17.14.1a is affected.
- Version 17.15.1 is affected.
- Version 17.15.1w is affected.
- Version 17.15.1a is affected.
- Version 17.15.2 is affected.
- Version 17.15.1b is affected.
- Version 17.15.1x is affected.
- Version 17.15.1z is affected.
- Version 17.15.3 is affected.
- Version 17.15.2c is affected.
- Version 17.15.2a is affected.
- Version 17.15.1y is affected.
- Version 17.15.2b is affected.
- Version 17.15.3a is affected.
- Version 17.15.4 is affected.
- Version 17.15.3b is affected.
- Version 17.15.4d is affected.
- Version 17.15.4e is affected.
- Version 17.16.1 is affected.
- Version 17.16.1a is affected.
- Version 17.17.1 is affected.
- Version 17.18.1 is affected.
- Version 17.18.1w is affected.
- Version 17.18.1a is affected.