Input Validation Flaw in Cisco Webex App Allows URL Redirection
CVE-2026-20178

4.3MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Webex App
Vendor: CVE Published:; 17 June 2026

Badges

👾 Exploit Exists

What is CVE-2026-20178?

A vulnerability in the browser-based version of the Cisco Webex App enabled potential exploitation by an unauthenticated remote attacker. This flaw was due to improper input validation of URL parameters in HTTP requests. By manipulating these parameters, an attacker could potentially redirect users to a malicious webpage by tricking them into clicking a specially crafted URL. Cisco has released a fix for this vulnerability, and users do not need to take any action. Ensuring all users are on the updated version of the Cisco Webex App can help mitigate this risk.

Affected Version(s)

Cisco Webex App

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Jun 17, 2026
Vulnerability published
Jun 17, 2026
Vulnerability Reserved
Oct 8, 2025

CVE-2026-20178 Data

JSON