CVE-2026-20091

Name of the Vulnerable Software and Affected Versions Cisco FXOS Software (affected versions not specified) Cisco UCS Manager Software (affected versions not specified)

Description A flaw exists in the web-based management interface of Cisco FXOS Software and Cisco UCS Manager Software that could permit an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack against a user. This issue stems from inadequate validation of user-supplied input within the web interface. An attacker could inject malicious data into specific pages of the interface. A successful exploit might enable the attacker to execute arbitrary script code within the affected interface or gain access to sensitive, browser-based information. The attacker must possess valid credentials for a user account with either Administrator or AAA Administrator privileges to exploit this issue.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.