CVE-2026-20112

Name of the Vulnerable Software and Affected Versions Cisco IOS XE Software (affected versions not specified)

Description A flaw exists in the web-based management interface of the Cisco IOx application hosting environment. This issue could allow a remote attacker with valid administrative credentials to execute a stored cross-site scripting (XSS) attack against a user. The root cause is insufficient validation of user-supplied input. A successful exploit could allow the attacker to execute arbitrary script code within the affected interface or gain access to sensitive information accessible through the browser. The attacker must possess valid administrative credentials to exploit this issue.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.