CVE-2026-20184

Received
Published: 15 Apr 2026, 16:03
Last modified: 15 Apr 2026, 16:56

Vulnerability Summary

  • Overall Risk (default): high, 70/100
  • CVSS Score: 9.8 CRITICAL, v3.1 (cve.org)
  • EPSS Score: No data
  • KEV: Not listed
  • Ransomware: No reports
  • Public exploits: None found
  • Dark Web: Not detected

Timeline

  • 15 Apr 2026, 16:03: Published. Vulnerability first disclosed
  • 15 Apr 2026, 16:56: Last Modified. Vulnerability information updated

Description

A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services could have allowed an unauthenticated, remote attacker to impersonate any user within the service. This vulnerability existed because of improper certificate validation. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by connecting to a service endpoint and supplying a crafted token. A successful exploit could have allowed the attacker to gain unauthorized access to legitimate Cisco Webex services.

CVSS Metrics

  • v3.1, CRITICAL, Score: 9.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Techniques & Countermeasures

  • CWE-295: Improper Certificate Validation

    The product does not validate, or incorrectly validates, a certificate.

Affected Systems

  • cisco: cisco webex meetings

    39.7.7 | 39.9 | 40.4.10 | 39.6 | 40.6.2 | 39.8.2 | 39.8.4 | 40.1 | 39.11 | 39.7.4 | 39.9.1 | 40.4 | 40.6 | 39.7 | 39.8 | 39.8.3 | 40.2 | 39.10 | 42.6 | 42.7 | 42.8 | 42.9 | 42.10 | 42.11 | 42.12 | 43.1 | 43.2 | 43.3 | 43.4 | 43.4.1 | 43.4.2 | 43.5.0 | 43.6.0 | 43.6.1 | 43.7 | 43.8 | 43.9 | 43.10 | 43.11 | 43.12 | 44.1 | 44.2 | 44.3 | 44.4 | 44.5 | 44.6 | 44.7 | 44.8 | 44.9 | 44.10 | 44.11 | 44.12 | 45.1 | 45.2 | 45.3 | 45.4
