Cisco Webex Meetings Cross-Site Scripting Vulnerability
CVE-2026-20233

6.1MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Webex Meetings
Vendor: CVE Published:; 3 June 2026

Badges

👾 Exploit Exists

What is CVE-2026-20233?

A vulnerability in the web-based user interface of Cisco Webex Meetings could have allowed an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Cisco has addressed this vulnerability in the Webex Meetings service, and no customer action is needed.

This vulnerability existed because of insufficient validation of user input. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by persuading a user to follow a malicious link. A successful exploit could have allowed the attacker to execute arbitrary script code in the browser of the targeted user or access sensitive, browser-based information.

Affected Version(s)

Cisco Webex Meetings 39.7.7

Cisco Webex Meetings 39.9

Cisco Webex Meetings 40.4.10

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Jun 3, 2026
Vulnerability published
Jun 3, 2026
Vulnerability Reserved
Oct 8, 2025

CVE-2026-20233 Data

JSON