Warning: Critical improper certificate‑validation in CISCO Webex that can lead to user impersonation, Patch Immediately!

• Last update: 17/04/2026
• Affected software:
  → CISCO Webex versions 39.6 - 45.4
• Type: improper certificate‑validation vulnerability (CWE‑295)
• CVE/CVSS
  → CVE-2026-20184: CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Sources

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-cui-cert-8jSZYhWL

Risks

A critical improper-certificate-validation vulnerability in the SSO (single-sign-on) with Control Hub in CISCO Webex was disclosed by the vendor.
CISCO Webex is a cloud‑based collaboration and communication platform for video meetings.

If an attacker exploits CVE-2026-20184, they could gain unauthorized access to legitimate Cisco Webex services and impersonate any user within the service.

If exploited, this vulnerability could impact all aspects of the CIA triad: confidentiality, integrity, and availability of the affected system. There is no available proof-of-concept or proof-of-exploitation online.

Description

A remote threat actor without privileges or user interaction can connect to a service endpoint and supplying a crafted token to impersonate users, gain access to sensitive information and join meetings without authorization.

Recommended Actions

Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.

Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity and ensure a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via https://ccb.belgium.be/en/cert/report-incident.

While patching appliances or software to the newest version may protect against future exploitation, it does not remediate historic compromise.

References

https://nvd.nist.gov/vuln/detail/CVE-2026-20184