Urgent Action Required: Remote User Impersonation Flaw in Cisco Webex Services

Cisco has disclosed a severe security weakness in its cloud-based Webex Services. The flaw stems from improper certificate validation within the single sign-on (SSO) integration with Control Hub. If exploited, an unauthenticated remote attacker could impersonate any user, gaining unauthorized access to sensitive service environments.

Severity: Critical

Vulnerability Overview

  • CVE ID: CVE-2026-20184
  • CVSS Score: 9.8
  • CWE: CWE-295 (Improper Certificate Validation)
  • Description: Improper certificate validation in the SSO (Single Sign-On) integration with Cisco Webex Control Hub. An unauthenticated remote attacker could impersonate any user within the service by connecting to a service endpoint and supplying a crafted token.
  • Impact: Full user impersonation → unauthorized access to Webex services.
  • Exploitation: Cisco PSIRT reports no known public announcements or malicious use at time of publication.
  • Patch Urgency: Despite no known exploitation, CVSS 9.8 with zero authentication barrier makes this a high-priority remediation item.

Affected Products

  • Product: Cisco Webex Services (cloud-based only)
  • Condition: Only deployments using trust anchors within their SSO/SAML integration with Control Hub are affected
  • Scope: Organizations not using trust anchors are not affected

Mitigation & Remediation

  • Fix: Cisco has patched the vulnerability server-side in the Webex cloud service.
  • Customer Action Required: Organizations using trust anchors must upload a new IdP SAML certificate to Control Hub to avoid service interruption. For more information, check https://help.webex.com/en-us/article/nstvmyo/Manage-single-sign-on-integration-in-Control-Hub#Cisco_Task_in_List_GUI.dita_07fbdc21-41a0-482f-99dc-b8c17adbd087
  • Workarounds: None available.
  • How to check exposure: Log in to Webex Control Hub and verify the SSO trust anchor configuration.

Source:

  • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-cui-cert-8jSZYhWL

Ampcus Cyber