CVE-2026-20184
Received Received - Intake
Improper Certificate Validation in Cisco Webex SSO Enables Impersonation

Publication date: 2026-04-15

Last updated on: 2026-04-15

Assigner: Cisco Systems, Inc.

Description
A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services could have allowed an unauthenticated, remote attacker to impersonate any user within the service. This vulnerability existed because of improper certificate validation. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by connecting to a service endpoint and supplying a crafted token. A successful exploit could have allowed the attacker to gain unauthorized access to legitimate Cisco Webex services.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-15
Last Modified
2026-04-15
Generated
2026-06-16
AI Q&A
2026-04-15
EPSS Evaluated
2026-06-15
NVD
CVE-2026-20184
EUVD
EUVD-2026-22971
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
cisco webex_services *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-295 The product does not validate, or incorrectly validates, a certificate.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability in Cisco Webex Services allows an unauthenticated, remote attacker to impersonate any user and gain unauthorized access to legitimate services due to improper certificate validation in SSO integration.

Such unauthorized access could potentially lead to exposure or compromise of sensitive personal or protected health information, which may impact compliance with regulations like GDPR and HIPAA that require strict access controls and protection of user data.

Therefore, until the vulnerability is remediated by updating the identity provider SAML certificate and applying Cisco's fixes, affected organizations could be at risk of non-compliance with these standards due to the increased risk of data breaches or unauthorized data access.

Executive Summary

CVE-2026-20184 is a critical vulnerability in Cisco Webex Services involving improper certificate validation in the integration of single sign-on (SSO) with Control Hub.

This flaw allowed an unauthenticated, remote attacker to impersonate any user within the Webex service by connecting to a service endpoint and supplying a crafted token.

Successful exploitation could grant unauthorized access to legitimate Cisco Webex services.

Impact Analysis

This vulnerability can have a severe impact as it allows an unauthenticated attacker to impersonate any user within Cisco Webex Services.

  • Unauthorized access to legitimate Webex services.
  • Potential exposure of sensitive communications and data within the Webex environment.
  • Complete compromise of confidentiality, integrity, and availability of affected services, as indicated by the high CVSS score (9.8) with high impact on confidentiality, integrity, and availability.
Detection Guidance

There are no specific detection commands or methods provided to identify this vulnerability on your network or system.

The vulnerability involves improper certificate validation in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services, which is a cloud-based service. Detection would likely require monitoring for unauthorized access attempts or crafted tokens supplied to service endpoints, but no explicit detection commands are given.

Mitigation Strategies

To mitigate this vulnerability, affected customers must upload a new identity provider (IdP) SAML certificate to Control Hub.

Cisco has addressed the vulnerability in the Webex service itself, and no workarounds are available.

Customers requiring assistance are advised to contact Cisco Technical Assistance Center (TAC) or their maintenance providers for guidance.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-20184. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart