CVE-2026-20184 - Vulnerability Analysis
CriticalCVSS: 9.8Last Updated: April 15, 2026
Cisco Webex Services - Authentication Bypass
Published: April 15, 2026Updated: April 15, 2026Remote Exploitable
Overview
Cisco Webex Services contains an authentication bypass caused by improper certificate validation in single sign-on integration with Control Hub, letting unauthenticated remote attackers impersonate any user, exploit requires crafted token submission.
Severity & Score
Severity: Critical
CVSS Score: 9.8
Impact
Unauthenticated attackers can impersonate any user, gaining unauthorized access to Cisco Webex services.
Mitigation
Update to the latest version with proper certificate validation fixes.
Related Resources
Details
- CVE ID
- CVE-2026-20184
- Severity
- Critical
- CVSS Score
- 9.8
- Type
- broken_authentication
- Status
- new
CWE
- CWE-295
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H