Urgent Action Required: Remote User Impersonation Flaw in Cisco Webex Services

Cisco has disclosed a severe security weakness in its cloud-based Webex Services. The flaw stems from improper certificate validation within the single sign-on (SSO) integration with Control Hub. If exploited, an unauthenticated remote attacker could impersonate any user, gaining unauthorized access to sensitive service environments.

Severity: Critical

Vulnerability Overview

  • CVE ID: CVE-2026-20184
  • CVSS Score: 9.8
  • CWE: CWE-295 (Improper Certificate Validation)
  • Description: Improper certificate validation in the SSO (Single Sign-On) integration with Cisco Webex Control Hub. An unauthenticated remote attacker could impersonate any user within the service by connecting to a service endpoint and supplying a crafted token.
  • Impact: Full user impersonation → unauthorized access to Webex services.
  • Exploitation: Cisco PSIRT reports no known public announcements or malicious use at the time of publication.
  • Patch Urgency: Despite no known exploitation, CVSS 9.8 with zero authentication barrier makes this a high-priority remediation item.

Affected Products

  • Product: Cisco Webex Services (cloud-based only)
  • Condition: Only deployments using trust anchors within their SSO/SAML integration with Control Hub are affected.
  • Scope: Organizations not using trust anchors are not affected.

Mitigation & Remediation

  • Fix: Cisco has patched the vulnerability server-side in the Webex cloud service.
  • Customer Action Required: Organizations using trust anchors must upload a new IdP SAML certificate to Control Hub to avoid service interruption. For more information, see https://help.webex.com/en-us/article/nstvmyo/Manage-single-sign-on-integration-in-Control-Hub#Cisco_Task_in_List_GUI.dita_07fbdc21-41a0-482f-99dc-b8c17adbd087
  • Workarounds: None available.
  • How to check exposure: Log in to Webex Control Hub and verify the SSO trust anchor configuration.

Source:

  • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-cui-cert-8jSZYhWL
