【Vulnerability Alert】Major Security Vulnerability in Cisco Webex Services (CVE-2026-20184)

• Subject: 【Vulnerability Alert】Major Security Vulnerability in Cisco Webex Services (CVE-2026-20184)

• Description:
  • Forwarded from TWCERT/CC Security Alert: TWCERTCC-200-202604-00000019
  • Cisco has recently released a critical security vulnerability advisory (CVE-2026-20184, CVSS: 9.8). This vulnerability stems from improper certificate validation during the integration process between Cisco Webex Services Single Sign-On (SSO) and Control Hub. It could allow an unauthenticated remote attacker to impersonate any user within the service.
• Affected Platforms:
  • Cisco Webex Services when configured to integrate via SSO with Control Hub.
• Recommended Actions:
  • Apply patches according to the solutions released on the official website.
  • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-cui-cert-8jSZYhWL
• Reference:
  1. https://www.twcert.org.tw/tw/cp-169-10850-80e46-1.html

Computer and Communication Center
Network Systems Division