Home / Vulnerability Intelligence / CVE-2026-20184

CVE-2026-20184 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: April 17, 2026

Cisco Webex Services - Authentication Bypass

Published: April 15, 2026Updated: April 17, 2026Remote Exploitable

Overview

Cisco Webex Services contains an authentication bypass caused by improper certificate validation in single sign-on integration with Control Hub, letting unauthenticated remote attackers impersonate any user, exploit requires crafted token submission.

Severity & Score

Severity: Critical

CVSS Score: 9.8

EPSS Score: 6.7%(Probability of exploitation in next 30 days)

Impact

Unauthenticated attackers can impersonate any user, gaining unauthorized access to Cisco Webex services.

Mitigation

Update to the latest version with proper certificate validation fixes.

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-cui-cert-8jSZYhWL

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Apr 17, 2026

🔴 CVE-2026-20184 - Critical (9.8) A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services could have allowed an unauthenticated, remote attacker to impersonate any user within the service. This vulnerability existed because of imprope... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-20184/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-20184
Severity: Critical
CVSS Score: 9.8
Type: broken_authentication
Status: unconfirmed
EPSS: 6.7%
Social Posts: 1

CWE

CWE-295

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

6.7%Probability of exploitation in the next 30 days