CVE-2026-20132

Name of the Vulnerable Software and Affected Versions Cisco Identity Services Engine (ISE) (affected versions not specified)

Description Multiple issues in the web-based management interface exist due to insufficient sanitization of user-supplied data stored in web pages. An authenticated remote attacker with administrative write privileges can conduct stored or reflected cross-site scripting (XSS) attacks—a technique where malicious scripts are injected into trusted websites. Exploitation occurs when a user is convinced to click a specific link or view an affected page, potentially executing script code in the context of the management interface or allowing access to sensitive browser-based information.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.