PatchSiren cyber security CVE debrief
CVE-2026-20111 Cisco CVE debrief
CVE-2026-20111 is a stored cross-site scripting (XSS) vulnerability in the web-based management interface of Cisco Prime Infrastructure. An authenticated, remote attacker could exploit this vulnerability by inserting malicious code into specific data fields in the interface, allowing the execution of arbitrary script code in the context of the affected interface or access to sensitive, browser-based information. The vulnerability exists due to improper validation of user-supplied input. To exploit this vulnerability, an attacker must have valid administrative credentials. Cisco has released security updates to address this vulnerability.
- Vendor
- Cisco
- Product
- Prime Infrastructure
- CVSS
- MEDIUM 4.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-02-04
- Original CVE updated
- 2026-06-29
- Advisory published
- 2026-02-04
- Advisory updated
- 2026-06-29
Who should care
Administrators and users of Cisco Prime Infrastructure are advised to take immediate action to mitigate this vulnerability. This vulnerability could be exploited by an attacker with valid administrative credentials, potentially leading to unauthorized access or manipulation of sensitive information. Cisco Prime Infrastructure users should review and apply the necessary security updates provided by Cisco.
Technical summary
The vulnerability is caused by insufficient validation of user-supplied input in the web-based management interface of Cisco Prime Infrastructure. This allows an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users of the interface. The CVSS score for this vulnerability is 4.8, indicating a medium severity level. The Common Vulnerability Scoring System (CVSS) vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N.
Defensive priority
This vulnerability has a medium severity level with a CVSS score of 4.8. Cisco Prime Infrastructure administrators should prioritize applying security updates to prevent potential exploitation.
Recommended defensive actions
- Apply security updates provided by Cisco to address this vulnerability.
- Review and update administrative credentials to prevent unauthorized access.
- Implement additional security measures, such as monitoring and incident response planning, to detect and respond to potential exploitation attempts.
- Conduct regular vulnerability assessments and penetration testing to identify and address potential vulnerabilities.
- Ensure that all users of Cisco Prime Infrastructure are aware of this vulnerability and the necessary steps to mitigate it.
Evidence notes
The CVE-2026-20111 vulnerability was published on February 4, 2026, and last modified on June 29, 2026. The vulnerability is caused by insufficient validation of user-supplied input in the web-based management interface of Cisco Prime Infrastructure. Cisco has released security updates to address this vulnerability, which can be found in their security advisory.
Official resources
-
CVE-2026-20111 CVE record
CVE.org
-
CVE-2026-20111 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
This article is AI-assisted and based on the supplied source corpus.