CVE-2026-20184CRITICAL 9.8EPSS p39.9%

CVE-2026-20184CVE-2026-20184

Description

A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services could have allowed an unauthenticated, remote attacker to impersonate any user within the service. This vulnerability existed because of improper certificate validation. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by connecting to a service endpoint and supplying a crafted token. A successful exploit could have allowed the attacker to gain unauthorized access to legitimate Cisco Webex services.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.52% probability of exploitation · percentile 39.9% · 2026-06-21T12:00:28Z
Published2026-04-15
Last modified2026-04-17

Underlying weaknesses· 1

CWE-295

References

  1. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-cui-cert-8jSZYhWL

1

TypeTargetConfidenceTier
WeaknessImproper Certificate Validationcwe-2950%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-20233
CVE
CVE-2026-20223
CVE
CVE-2026-41103
CVE
CVE-2026-20098
CVE
CVE-2025-46788
CVE
CVE-2026-1529
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.