Cross-site Scripting Vulnerability in Cisco Identity Services Engine
CVE-2026-20132

4.8MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Identity Services Engine Software
Vendor: CVE Published:; 15 April 2026

Badges

👾 Exploit Exists

What is CVE-2026-20132?

The web-based management interface for Cisco Identity Services Engine (ISE) has multiple vulnerabilities that allow an authenticated remote attacker with administrative write privileges to execute stored and reflected cross-site scripting (XSS) attacks. This is primarily due to insufficient sanitization of user-supplied data stored in the web page. An attacker could exploit these weaknesses by persuading users to click on malicious links or access compromised web pages, potentially leading to the execution of injected script code within the interface context or gaining access to sensitive browser information.

Affected Version(s)

Cisco Identity Services Engine Software 3.1.0

Cisco Identity Services Engine Software 3.1.0 p1

Cisco Identity Services Engine Software 3.1.0 p3

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Apr 15, 2026
Vulnerability published
Apr 15, 2026
Vulnerability Reserved
Oct 8, 2025

CVE-2026-20132 Data

JSON