File Upload Vulnerability in Cisco Enterprise Chat and Email Lite Agent
CVE-2026-20172

4.3 MEDIUM

Key Information:

Vendor: Cisco

CVE Published: 6 May 2026

Badges

👾 Exploit Exists

What is CVE-2026-20172?

A vulnerability in the Lite Agent feature of Cisco Enterprise Chat and Email allows an authenticated, remote attacker with valid user credentials to upload crafted files, because file contents are inadequately validated during upload operations. A file containing malicious script or HTML code can then be made accessible to other users, leading to browser-based attacks in which the malicious content executes in those users' browsers.

Affected Version(s)

Cisco Enterprise Chat and Email 11.6(1)_ES3

Cisco Enterprise Chat and Email 11.6(1)_ES4

Cisco Enterprise Chat and Email 12.0(1)_ES6

CVSS V3.1

Score: 4.3
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved