CVE-2026-20184Improper Certificate Validation in Cisco Webex Meetings

CWE-295Improper Certificate Validation6 documents6 sources
Severity
9.8CRITICALNVD
EPSS
0.1%
top 84.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Webex Meetings
Timeline
PublishedApr 15
Latest updateApr 16

Description

A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services could have allowed an unauthenticated, remote attacker to impersonate any user within the service. This vulnerability existed because of improper certificate validation. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by connecting to a service endpoint and supplying a crafted token. A successful exploit could have allowed the attacker to gain unau

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

CVEListV5cisco/cisco_webex_meetings56 versions+55

🔴Vulnerability Details

3
GHSA
GHSA-hh5g-g7m5-5vxv: A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services could have allowed an unauthenticated, remote atta2026-04-15
VulDB
Cisco Webex Meetings up to 45.4 certificate validation (cisco-sa-webex-cui-cert-8jSZYhWL / EUVD-2026-22971)2026-04-15
CVEList
Cisco Webex Meetings Certificate Validation Vulnerability2026-04-15

🕵️Threat Intelligence

1
Hackernews
Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution2026-04-16
CVE-2026-20184 — Improper Certificate Validation | cvebase