CVE-2026-20184
Published: 15 April 2026
Summary
CVE-2026-20184 is a critical-severity Improper Certificate Validation (CWE-295) vulnerability in Cisco Webex Services (inferred from references). Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 20.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 IA-13 (Identity Providers and Authorization Servers) and SC-17 (Public Key Infrastructure Certificates).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires validation of public key infrastructure certificates under defined conditions, directly addressing improper certificate validation that enables crafted tokens to impersonate users in SSO.
Mandates controls to protect the confidentiality, integrity, and availability of authentication processes for identity providers and authorization servers, mitigating SSO integration flaws like certificate validation failures.
Provides mechanisms to assure communications session authenticity, helping prevent impersonation attacks exploiting crafted tokens in SSO sessions.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Improper cert validation in public SSO endpoint directly enables remote unauthenticated impersonation via crafted tokens (SAML/web credentials) and exploitation of exposed service.
NVD Description
A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services could have allowed an unauthenticated, remote attacker to impersonate any user within the service. This vulnerability existed because of improper certificate validation. Prior to…
more
this vulnerability being addressed, an attacker could have exploited this vulnerability by connecting to a service endpoint and supplying a crafted token. A successful exploit could have allowed the attacker to gain unauthorized access to legitimate Cisco Webex services.
Deeper analysisAI
CVE-2026-20184 is a vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services, caused by improper certificate validation (CWE-295). Published on 2026-04-15, it enables an unauthenticated, remote attacker to impersonate any user within the service by exploiting flawed validation mechanisms.
An unauthenticated, remote attacker can exploit this vulnerability by connecting to a service endpoint and supplying a crafted token. Successful exploitation allows the attacker to gain unauthorized access to legitimate Cisco Webex services, potentially compromising confidentiality, integrity, and availability. The issue carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), reflecting its critical severity due to low attack complexity and lack of prerequisites.
Cisco has published a security advisory providing details on the vulnerability and mitigation, available at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-cui-cert-8jSZYhWL.
Details
- CWE(s)