{"api_version":"1","generated_at":"2026-04-15T21:28:29+00:00","cve":"CVE-2026-20184","urls":{"html":"https://cve.report/CVE-2026-20184","api":"https://cve.report/api/cve/CVE-2026-20184.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-20184","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-20184"},"summary":{"title":"Cisco Webex Meetings Certificate Validation Vulnerability","description":"A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services could have allowed an unauthenticated, remote attacker to impersonate any user within the service.\r\n\r\nThis vulnerability existed because of improper certificate validation. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by connecting to a service endpoint and supplying a crafted token. A successful exploit could have allowed the attacker to gain unauthorized access to legitimate Cisco Webex services.","state":"PUBLISHED","assigner":"cisco","published_at":"2026-04-15 17:17:03","updated_at":"2026-04-15 17:17:03"},"problem_types":["CWE-295","CWE-295 Improper Certificate Validation"],"metrics":[{"version":"3.1","source":"psirt@cisco.com","type":"Primary","score":"9.8","severity":"CRITICAL","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"CNA","type":"CVSSV3_1","score":"9.8","severity":"CRITICAL","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-cui-cert-8jSZYhWL","name":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-cui-cert-8jSZYhWL","refsource":"psirt@cisco.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-20184","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-20184","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Cisco","product":"Cisco Webex Meetings","version":"affected 39.7.7","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Webex Meetings","version":"affected 39.9","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Webex Meetings","version":"affected 40.4.10","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Webex Meetings","version":"affected 39.6","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Webex Meetings","version":"affected 40.6.2","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Webex Meetings","version":"affected 39.8.2","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Webex Meetings","version":"affected 39.8.4","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Webex Meetings","version":"affected 40.1","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Webex Meetings","version":"affected 39.11","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Webex Meetings","version":"affected 39.7.4","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Webex Meetings","version":"affected 39.9.1","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Webex Meetings","version":"affected 40.4","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Webex Meetings","version":"affected 40.6","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Webex Meetings","version":"affected 39.7","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Webex Meetings","version":"affected 39.8","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Webex Meetings","version":"affected 39.8.3","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Webex Meetings","version":"affected 40.2","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Webex Meetings","version":"affected 39.10","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Webex Meetings","version":"affected 42.6","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Webex Meetings","version":"affected 42.7","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Webex Meetings","version":"affected 42.8","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Webex Meetings","version":"affected 42.9","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Webex Meetings","version":"affected 42.10","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Webex Meetings","version":"affected 42.11","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Webex Meetings","version":"affected 42.12","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Webex Meetings","version":"affected 43.1","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Webex Meetings","version":"affected 43.2","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Webex Meetings","version":"affected 43.3","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Webex Meetings","version":"affected 43.4","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Webex Meetings","version":"affected 43.4.1","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Webex Meetings","version":"affected 43.4.2","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Webex Meetings","version":"affected 43.5.0","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Webex Meetings","version":"affected 43.6.0","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Webex Meetings","version":"affected 43.6.1","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Webex Meetings","version":"affected 43.7","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Webex Meetings","version":"affected 43.8","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Webex Meetings","version":"affected 43.9","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Webex Meetings","version":"affected 43.10","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Webex Meetings","version":"affected 43.11","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Webex Meetings","version":"affected 43.12","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Webex Meetings","version":"affected 44.1","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Webex Meetings","version":"affected 44.2","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Webex Meetings","version":"affected 44.3","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Webex Meetings","version":"affected 44.4","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Webex Meetings","version":"affected 44.5","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Webex Meetings","version":"affected 44.6","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Webex Meetings","version":"affected 44.7","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Webex Meetings","version":"affected 44.8","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Webex Meetings","version":"affected 44.9","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Webex Meetings","version":"affected 44.10","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Webex Meetings","version":"affected 44.11","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Webex Meetings","version":"affected 44.12","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Webex Meetings","version":"affected 45.1","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Webex Meetings","version":"affected 45.2","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Webex Meetings","version":"affected 45.3","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Webex Meetings","version":"affected 45.4","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[{"source":"CNA","title":"","value":"The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.","time":"","lang":"en"}],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-20184","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2026-04-15T16:45:03.876078Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-04-15T16:56:34.703Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unknown","product":"Cisco Webex Meetings","vendor":"Cisco","versions":[{"status":"affected","version":"39.7.7"},{"status":"affected","version":"39.9"},{"status":"affected","version":"40.4.10"},{"status":"affected","version":"39.6"},{"status":"affected","version":"40.6.2"},{"status":"affected","version":"39.8.2"},{"status":"affected","version":"39.8.4"},{"status":"affected","version":"40.1"},{"status":"affected","version":"39.11"},{"status":"affected","version":"39.7.4"},{"status":"affected","version":"39.9.1"},{"status":"affected","version":"40.4"},{"status":"affected","version":"40.6"},{"status":"affected","version":"39.7"},{"status":"affected","version":"39.8"},{"status":"affected","version":"39.8.3"},{"status":"affected","version":"40.2"},{"status":"affected","version":"39.10"},{"status":"affected","version":"42.6"},{"status":"affected","version":"42.7"},{"status":"affected","version":"42.8"},{"status":"affected","version":"42.9"},{"status":"affected","version":"42.10"},{"status":"affected","version":"42.11"},{"status":"affected","version":"42.12"},{"status":"affected","version":"43.1"},{"status":"affected","version":"43.2"},{"status":"affected","version":"43.3"},{"status":"affected","version":"43.4"},{"status":"affected","version":"43.4.1"},{"status":"affected","version":"43.4.2"},{"status":"affected","version":"43.5.0"},{"status":"affected","version":"43.6.0"},{"status":"affected","version":"43.6.1"},{"status":"affected","version":"43.7"},{"status":"affected","version":"43.8"},{"status":"affected","version":"43.9"},{"status":"affected","version":"43.10"},{"status":"affected","version":"43.11"},{"status":"affected","version":"43.12"},{"status":"affected","version":"44.1"},{"status":"affected","version":"44.2"},{"status":"affected","version":"44.3"},{"status":"affected","version":"44.4"},{"status":"affected","version":"44.5"},{"status":"affected","version":"44.6"},{"status":"affected","version":"44.7"},{"status":"affected","version":"44.8"},{"status":"affected","version":"44.9"},{"status":"affected","version":"44.10"},{"status":"affected","version":"44.11"},{"status":"affected","version":"44.12"},{"status":"affected","version":"45.1"},{"status":"affected","version":"45.2"},{"status":"affected","version":"45.3"},{"status":"affected","version":"45.4"}]}],"descriptions":[{"lang":"en","value":"A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services could have allowed an unauthenticated, remote attacker to impersonate any user within the service.\r\n\r\nThis vulnerability existed because of improper certificate validation. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by connecting to a service endpoint and supplying a crafted token. A successful exploit could have allowed the attacker to gain unauthorized access to legitimate Cisco Webex services."}],"exploits":[{"lang":"en","value":"The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"cvssV3_1"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-295","description":"Improper Certificate Validation","lang":"en","type":"cwe"}]}],"providerMetadata":{"dateUpdated":"2026-04-15T16:03:59.646Z","orgId":"d1c1063e-7a18-46af-9102-31f8928bc633","shortName":"cisco"},"references":[{"name":"cisco-sa-webex-cui-cert-8jSZYhWL","url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-cui-cert-8jSZYhWL"}],"source":{"advisory":"cisco-sa-webex-cui-cert-8jSZYhWL","defects":["CSCwt37111"],"discovery":"INTERNAL"},"title":"Cisco Webex Meetings Certificate Validation Vulnerability"}},"cveMetadata":{"assignerOrgId":"d1c1063e-7a18-46af-9102-31f8928bc633","assignerShortName":"cisco","cveId":"CVE-2026-20184","datePublished":"2026-04-15T16:03:59.646Z","dateReserved":"2025-10-08T11:59:15.394Z","dateUpdated":"2026-04-15T16:56:34.703Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-04-15 17:17:03","lastModifiedDate":"2026-04-15 17:17:03","problem_types":["CWE-295","CWE-295 Improper Certificate Validation"],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"20184","Ordinal":"1","Title":"Cisco Webex Meetings Certificate Validation Vulnerability","CVE":"CVE-2026-20184","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"20184","Ordinal":"1","NoteData":"A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services could have allowed an unauthenticated, remote attacker to impersonate any user within the service.\r\n\r\nThis vulnerability existed because of improper certificate validation. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by connecting to a service endpoint and supplying a crafted token. A successful exploit could have allowed the attacker to gain unauthorized access to legitimate Cisco Webex services.","Type":"Description","Title":"Cisco Webex Meetings Certificate Validation Vulnerability"}]}}}