Critical Vulnerability in Cisco Webex Allows User Impersonation
Severity: High (Score: 72.6)
Sources: Csoonline, Ccb.Belgium.Be
Summary
Cisco Systems issued an advisory on April 15, 2026, regarding a critical vulnerability (CVE-2026-20184) in its Webex platform, specifically affecting the single sign-on (SSO) integration with Control Hub. This flaw allows unauthenticated remote attackers to impersonate any user within the service, posing significant risks to user confidentiality and system integrity. The vulnerability has a CVSS score of 9.8, indicating a high severity level. Cisco has patched its cloud service, but administrators must manually upload a new SAML certificate to mitigate the risk. Failure to do so could result in loss of access control for users. The Centre for Cybersecurity Belgium has recommended immediate patching and enhanced monitoring for affected organizations. There is currently no proof-of-concept or evidence of exploitation in the wild. The vulnerability impacts all users of Cisco Webex services that utilize SSO.
Key Points:
- CVE-2026-20184 allows remote user impersonation in Cisco Webex services.
- Cisco has issued a patch, but admins must manually update SAML certificates.
- Immediate action is recommended to prevent unauthorized access and potential data breaches.
Key Entities
- Zero-day Exploit (attack_type)
- Cisco (company)
- CVE-2026-20147 (cve)
- CVE-2026-20148 (cve)
- CVE-2026-20180 (cve)
- CVE-2026-20184 (cve)
- CVE-2026-20186 (cve)
- CWE-22 - Path Traversal (cwe)
- CWE-287 - Improper Authentication (cwe)
- CWE-295 - Improper Certificate Validation (cwe)
- T1078 - Valid Accounts (mitre_attack)
- T1190 - Exploit Public-Facing Application (mitre_attack)
- Cisco ISE (platform)
- Cisco WebEx (platform)
- Webex (platform)