CVE-2026-20184
Published: 15 April 2026
Summary
CVE-2026-20184 is a critical-severity Improper Certificate Validation (CWE-295) vulnerability in Cisco Webex Services (inferred from references). Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 40.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 IA-13 (Identity Providers and Authorization Servers) and SC-17 (Public Key Infrastructure Certificates).
Deeper analysis
CVE-2026-20184 is a vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services, caused by improper certificate validation (CWE-295). Published on 2026-04-15, it enables an unauthenticated, remote attacker to impersonate any user within the service by exploiting flawed validation mechanisms.
An unauthenticated, remote attacker can exploit this vulnerability by connecting to a service endpoint and supplying a crafted token. Successful exploitation allows the attacker to gain unauthorized access to legitimate Cisco Webex services, potentially compromising confidentiality, integrity, and availability. The issue carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), reflecting its critical severity due to low attack complexity and lack of prerequisites.
Cisco has published a security advisory providing details on the vulnerability and mitigation, available at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-cui-cert-8jSZYhWL.
OWASP Top 10 for Web (2025)
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-22971
Vulnerability details
A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services could have allowed an unauthenticated, remote attacker to impersonate any user within the service. This vulnerability existed because of improper certificate validation. Prior to…
more
this vulnerability being addressed, an attacker could have exploited this vulnerability by connecting to a service endpoint and supplying a crafted token. A successful exploit could have allowed the attacker to gain unauthorized access to legitimate Cisco Webex services.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Improper cert validation in public SSO endpoint directly enables remote unauthenticated impersonation via crafted tokens (SAML/web credentials) and exploitation of exposed service.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Requires validation of public key infrastructure certificates under defined conditions, directly addressing improper certificate validation that enables crafted tokens to impersonate users in SSO.
Mandates controls to protect the confidentiality, integrity, and availability of authentication processes for identity providers and authorization servers, mitigating SSO integration flaws like certificate validation failures.
Provides mechanisms to assure communications session authenticity, helping prevent impersonation attacks exploiting crafted tokens in SSO sessions.