Single Sign-On Vulnerability in Cisco Webex Services
CVE-2026-20184

9.8CRITICAL

Key Information:

Vendor: Cisco
Status: Cisco Webex Meetings
Vendor: CVE Published:; 15 April 2026

Badges

👾 Exploit Exists

What is CVE-2026-20184?

A vulnerability in the single sign-on (SSO) integration with Control Hub in Cisco Webex Services allows unauthenticated remote attackers to impersonate legitimate users. This vulnerability arises from improper validation of certificates, enabling attackers to exploit the system by sending specially crafted tokens to a service endpoint, thereby gaining unauthorized access to sensitive services.

Affected Version(s)

Cisco Webex Meetings 39.7.7

Cisco Webex Meetings 39.9

Cisco Webex Meetings 40.4.10

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Apr 15, 2026
Vulnerability published
Apr 15, 2026
Vulnerability Reserved
Oct 8, 2025

CVE-2026-20184 Data

JSON