CVE-2026-20149
Cross-Site Scripting in Cisco Webex via Improper Input Filtering
Publication date: 2026-03-04
Last updated on: 2026-03-09
Assigner: Cisco Systems, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cisco | webex | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability is in the cloud-based Cisco Webex service and involves a cross-site scripting (XSS) attack via malicious links. Detection would typically involve monitoring for suspicious URLs or user reports of unexpected script execution in Webex sessions.
However, there are no specific detection commands or tools provided for identifying this vulnerability on your network or system.
Can you explain this vulnerability to me?
CVE-2026-20149 is a medium-severity cross-site scripting (XSS) vulnerability in Cisco Webex Services. It occurs because the service improperly filters user-supplied input, allowing an unauthenticated remote attacker to trick a user into clicking a malicious link.
If exploited, the attacker could execute arbitrary scripts within the context of the targeted user's browser session, potentially compromising the user's interaction with the Webex service. [1]
How can this vulnerability impact me?
This vulnerability could allow an attacker to perform cross-site scripting attacks by persuading a user to click a malicious link, leading to the execution of arbitrary scripts in the user's browser.
Such an attack could impact the confidentiality and integrity of the user's data within the Webex session, although it does not affect availability.
However, Cisco has addressed this vulnerability in the Webex cloud service, and no customer action or software updates are required. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
What immediate steps should I take to mitigate this vulnerability?
Cisco has addressed this vulnerability in the Webex cloud service, and no customer action or software updates are required for on-premises devices.
There are no available workarounds to mitigate this issue, and Cisco PSIRT is not aware of any public exploitation or malicious use of this vulnerability.
If further assistance is needed, customers are advised to contact Cisco Technical Assistance Center (TAC) or their maintenance providers.