Cisco · Cisco Finesse · CVE-2026-20175
**Name of the Vulnerable Software and Affected Versions**
Cisco Finesse (affected versions not specified)
**Description**
Insufficient validation of user-supplied input for HTTP requests allows an unauthenticated remote attacker to load arbitrary files from remote locations into an active user session. An attacker can exploit this by persuading a user to click a crafted link containing the address of the affected device. This could lead to browser-based attacks, the execution of arbitrary script code within the context of the affected interface, or unauthorized access to sensitive information on the device.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.