
Cisco says critical Webex Services flaw requires customer action

Published: 16 April 2026 at 12:01:42

Alert date: 16 April 2026 at 13:01:35

Source: bleepingcomputer.com


Enterprise Applications, Identity & Access, Email & Messaging

Cisco has released security updates to address four critical vulnerabilities in its Webex Services platform. The most significant flaw involves improper certificate validation in the cloud-based Webex Services that requires customer action beyond just applying patches. The vulnerabilities pose significant security risks to organizations using Cisco's collaboration platform. Cisco has provided security advisories and remediation guidance for affected customers. Organizations must take immediate action to implement the fixes and follow additional security measures as outlined by Cisco.

Technical details

CVE-2026-20184 is an improper certificate validation flaw in Cisco Webex Services single sign-on (SSO) integration with Control Hub. An attacker can exploit this by connecting to a service endpoint and supplying a crafted token to impersonate any user with no privileges required. Three additional critical vulnerabilities (CVE-2026-20147, CVE-2026-20180, CVE-2026-20186) in Identity Services Engine (ISE) allow arbitrary command execution on the underlying operating system but require administrative credentials.

Mitigation steps:

For customers using SSO integration: upload a new SAML certificate for their identity provider (IdP) to Control Hub to avoid service interruption.
Apply security updates released by Cisco to patch all four critical vulnerabilities.
Monitor for exploitation attempts targeting the certificate validation flaw and ISE vulnerabilities.

Affected products:

Cisco Webex Services
Cisco Webex Control Hub
Cisco Identity Services Engine (ISE)
Cisco Secure Firewall Management Center (FMC)


This article was created with the assistance of AI technology by Perceptive.

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: This website displays information originating from external sources. Perceptive accepts no responsibility for the content, accuracy or completeness of this information.
