PT-2026-33093 · Cisco · Webex Meetings
Published: 2026-04-15 · Updated: 2026-05-12
CVE-2026-20184
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Cisco Webex Meetings versions 39.6 through 45.4
Description
An issue in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services allows an unauthenticated, remote attacker to impersonate any user within the service. This occurs due to improper certificate validation. An attacker can exploit this by connecting to a service endpoint and providing a crafted token, potentially gaining unauthorized access to legitimate Cisco Webex services.
Recommendations
For versions 39.6 through 45.4, apply the latest patches released by Cisco.
Update SAML certificates and rotate them immediately in Control Hub.
Review identity provider configurations to ensure proper security.
Fix
RCE
Improper Certificate Validation
Affected Products
Webex Meetings