Medium6.1Cisco Updated
Cisco Integrated Management Controller Cross-Site Scripting Vulnerabilities
cisco-sa-cimc-xss-A2tkgVAB Published Apr 22, 2026Updated by vendor Apr 22, 2026
CVE-2026-20085CVE-2026-20087CVE-2026-20088CVE-2026-20089CVE-2026-20090
Affected products & platforms
CiscoUnclassified
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory.
Affected versions
- Scope: At the time of publication, these vulnerabilities affected the following Cisco products if they were running a vulnerable release of Cisco IMC, regardless of device configuration: Product CVE IDs Cisco Bug IDs 5000 Series Enterprise Network Compute Systems (ENCS) CVE-2026-20085
- Release 4.15 and earlier (first fixed: 4.15.5)
- 4.16 and earlier — Migrate to a fixed release
- Release 4.18 (first fixed: 4.18.3 (Apr 2026))
- 4.2 and earlier — Migrate to a fixed release
- Release 4.3 (first fixed: 4.3(2.260007))
- 4.2 and earlier — Migrate to a fixed release
- Release 4.3 (first fixed: 4.3(6.260017))
- Release 6.0 (first fixed: 6.0(2.260044))
- Release 3.2 and earlier (first fixed: 3.2.17)
- Release 4.15 and earlier (first fixed: 4.15.3)
- 4.2 and earlier — Migrate to a fixed release
- Release 4.3 (first fixed: 4.3(6.260017))
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Fixed versions
- 4.15.5
- 4.18.3 (Apr 2026)
- 4.3(2.260007)
- 4.3(6.260017)
- 6.0(2.260044)
- 3.2.17
- 4.15.3
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Mitigation checklist
Recommended fix / mitigation
- Upgrade to the first fixed release for your train per the Fixed Releases table in this advisory.
- Release 4.15 and earlier: upgrade to 4.15.5.
- Release 4.16 and earlier: migrate to a fixed release.
- Release 4.18: upgrade to 4.18.3 (Apr 2026).
- Release 4.2 and earlier: migrate to a fixed release.
- Release 4.3: upgrade to 4.3(2.260007).
- Release 4.2 and earlier: migrate to a fixed release.
- Release 4.3: upgrade to 4.3(6.260017).
- Release 6.0: upgrade to 6.0(2.260044).
Temporary workarounds
- There are no workarounds that address these vulnerabilities.
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.