CVE-2026-20184

Name of the Vulnerable Software and Affected Versions Cisco Webex Meetings versions 39.6 through 45.4

Description An issue in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services could allow an unauthenticated, remote attacker to impersonate any user within the service. This occurs due to improper certificate validation. An attacker could exploit this by connecting to a service endpoint and supplying a crafted token, resulting in unauthorized access to legitimate Cisco Webex services.

Recommendations Apply the latest patches released by Cisco for versions 39.6 through 45.4. Perform a manual certificate update in Control Hub. Rotate SAML certificates and review identity provider configurations.