CVE-2026-20184
Published 2026-04-15
Priority: P268 · critical · CVSS 3.1: 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.52% (40.2th percentile)
A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services could have allowed an unauthenticated, remote attacker to impersonate any user within the service.
This vulnerability existed because of improper certificate validation. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by connecting to a service endpoint and supplying a crafted token. A successful exploit could have allowed the attacker to gain unauthorized access to legitimate Cisco Webex services.
Affected
57 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_webex_meetings | — | — |
Detection & IOCs (extracted from sources)
- Exploit vector involves connecting to a Webex SSO/Control Hub service endpoint and supplying a crafted (forged) token — monitor for anomalous or malformed SAML/SSO token submissions to Webex Control Hub endpoints
- Root cause is improper certificate validation (CWE-295) in SSO/SAML integration with Control Hub — detection should focus on SAML assertions signed by unexpected or untrusted certificates/IdPs being accepted
- Successful exploitation results in user impersonation within Webex Services — audit Webex access logs for logins from unexpected geographic locations or devices, especially for high-privilege accounts, correlated with SSO authentication events
- Cisco internal Bug ID CSCwt37111 can be used to cross-reference vendor advisories and threat intelligence feeds for this specific vulnerability
- Customer action is required for organizations using SSO integration: a new IdP SAML certificate must be uploaded to Control Hub, or SSO authentication may be disrupted or remain at risk
- The server-side fix is cloud-delivered by Cisco; no software patch is required on-premises, but the SAML certificate upload to Control Hub is mandatory for SSO customers to complete remediation
- Cisco PSIRT confirmed no evidence of exploitation in the wild at time of advisory publication
CVSS provenance
nvd · v3.1 · 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vendor_cisco · 3.1
Cisco
Cisco Webex Services Certificate Validation Vulnerability
vendor_cisco·CVSS 3.1
A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services could have allowed an unauthenticated, remote attacker to impersonate any user within the service. This vulnerability existed because of improper certificate validation. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by connecting to a service endpoint and supplying a crafted token. A successful exploit could have allowed the attacker to gain unauthorized access to legitimate Cisco Webex services. Cisco has addressed this vulnerability in the Cisco Webex service. However, customer action is necessary for affected organizations that are using trust anchors with their SSO
GHSA
ghsa_unreviewed·2026-04-15
CVE-2026-20184 [CRITICAL] CWE-295 GHSA-hh5g-g7m5-5vxv: A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services could have allowed an unauthenticated, remote atta
VulDB
vuldb·2026-04-15·CVSS 9.8
CVE-2026-20184 [CRITICAL] Cisco Webex Meetings up to 45.4 certificate validation (cisco-sa-webex-cui-cert-8jSZYhWL / EUVD-2026-22971)
A vulnerability has been found in Cisco Webex Meetings and classified as critical. This vulnerability affects unknown code. This manipulation causes improper certificate validation.
This vulnerability is registered as CVE-2026-20184. Remote exploitation of the attack is possible. No exploit is available.
The affected component should be upgraded.
No detection rules found.
No public exploits indexed.
Hackernews
⚡ Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More
blogs_hackernews·2026-04-20
## ⚡ Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More
Monday’s recap shows the same pattern in different places. A third-party tool becomes a way in, then leads to internal access. A trusted download path is briefly swapped to deliver malware. Browser extensions act normally while pulling data and running code. Even update channels are used to push payloads. It’s not breaking systems—it’s bending trust.
There’s also a shift in how attacks run. Slower check-ins, multi-stage payloads, and more code kept in memory. Attackers lean on real tools and normal workflows instead of custom builds. Some cas
Bleepingcomputer
Cisco says critical Webex Services flaw requires customer action
blogs_bleepingcomputer·2026-04-16·CVSS 9.9
## Cisco says critical Webex Services flaw requires customer action
## Sergiu Gatlan
Cisco has released security updates to patch four critical vulnerabilities, including a fixed improper certificate validation flaw in the company's cloud-based Webex Services platform that requires further customer action.
Webex Services is a customer experience platform that unifies communication across hybrid work environments, enabling team members to call, meet, and message each other from any location or device.
Tracked as CVE-2026-20184, the Webex vulnerability was found in the single sign-on (SSO) integration with Control Hub (a web-based portal that helps IT admins manage Webex settings) and allows remote attackers with no privileges to impersonate any user.
"Prior to this vulnerability being
Hackernews
Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution
blogs_hackernews·2026-04-16·CVSS 9.9
## Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution
Cisco has announced patches to address four critical security flaws impacting Identity Services and Webex Services that could result in arbitrary code execution and allow an attacker to impersonate any user within the service.
The details of the vulnerabilities are below -
CVE-2026-20184 (CVSS score: 9.8) - An improper certificate validation in the integration of single sign-on (SSO) with Control Hub in Webex Services that could allow an unauthenticated, remote attacker to impersonate any user within the service and gain unauthorized access t