CVE-2026-20175
Cisco Finesse Remote File Inclusion Vulnerability
Publication date: 2026-06-03
Last updated on: 2026-06-03
Assigner: Cisco Systems, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cisco | finesse | to 15.0 (exc) |
| cisco | finesse | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-73 | The product allows user input to control or influence paths or file names that are used in filesystem operations. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-20175 is a Remote File Inclusion vulnerability in Cisco Finesse that allows an unauthenticated remote attacker to load arbitrary files from remote locations into an active user session on an affected device.
This happens because the device does not properly validate user-supplied input in HTTP requests. An attacker who knows the address of the affected device can exploit this by tricking a user into clicking a specially crafted link containing that address.
Successful exploitation could lead to browser-based attacks, including executing arbitrary script code within the affected interface or accessing sensitive information on the device.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability in Cisco Finesse allows an attacker to execute arbitrary script code or access sensitive information by exploiting insufficient validation of user-supplied input. This could potentially lead to unauthorized access to sensitive data.
Such unauthorized access or exposure of sensitive information may impact compliance with data protection standards and regulations like GDPR or HIPAA, which require safeguarding personal and sensitive data against unauthorized access or breaches.
However, the provided information does not explicitly state the direct impact on compliance with these standards or any specific regulatory consequences.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to execute arbitrary scripts in the context of the affected Cisco Finesse interface.
Such attacks could lead to unauthorized access to sensitive information on the device or manipulation of the user session.
Because the attacker can load arbitrary remote files, it increases the risk of browser-based attacks that compromise the security and integrity of the affected system.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
There is no specific information provided about detection methods or commands to identify this vulnerability on your network or system.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, Cisco recommends upgrading Cisco Finesse to the fixed software version 15.0(1)SU1 or later.
No workarounds are available, so applying the software update is the primary and immediate step to fully remediate the issue.