Cross-Site Scripting Vulnerability in Cisco Contact Center Products
CVE-2026-20116

6.1MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Unified Contact Center Express
Vendor: CVE Published:; 11 March 2026

Badges

👾 Exploit Exists

What is CVE-2026-20116?

A vulnerability in the web-based management interface of Cisco Contact Center products allows remote attackers to exploit inadequate validation of user-supplied input. This weakness can be leveraged to perform cross-site scripting (XSS) attacks, enabling malicious actors to inject harmful scripts into specific interface pages. Consequently, attackers may execute arbitrary script code within the context of the interface or gain access to sensitive information on the user's browser, posing significant security risks.

Affected Version(s)

Cisco Unified Contact Center Express 10.5(1)SU1

Cisco Unified Contact Center Express 10.6(1)

Cisco Unified Contact Center Express 11.6(1)

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Mar 11, 2026
Vulnerability published
Mar 11, 2026
Vulnerability Reserved
Oct 8, 2025

CVE-2026-20116 Data

JSON