Cisco Finesse RFI: Unauth Browser Script Exec
CVE-2026-20175 Published on June 3, 2026

Cisco Finesse File Inclusion Vulnerability
A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to load arbitrary files from remote locations into an active user session on an affected device, possibly leading to browser-based attacks. This vulnerability is due to insufficient validation of user-supplied input for HTTP requests that are sent to an affected device. An attacker who has knowledge of the address of the affected device could exploit this vulnerability by persuading a user to click a crafted link that contains the affected device address. A successful exploit could allow the attacker to conduct browser-based attacks and execute arbitrary script code in the context of the affected interface or access sensitive information on the affected device.

NVD

Vulnerability Analysis

CVE-2026-20175 can be exploited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

NONE

User Interaction:

REQUIRED

Scope:

CHANGED

Confidentiality Impact:

LOW

Integrity Impact:

LOW

Availability Impact:

NONE

Weakness Type

External Control of File Name or Path

The software allows user input to control or influence paths or file names that are used in filesystem operations.

Products Associated with CVE-2026-20175

Want to know whenever a new CVE is published for Cisco Finesse? stack.watch will email you.

Cisco Finesse

Affected Versions

Cisco Finesse:

Version 11.0(1)ES_Rollback is affected.
Version 10.5(1)ES4 is affected.
Version 11.6(1)ES3 is affected.
Version 11.0(1)ES2 is affected.
Version 12.0(1)ES2 is affected.
Version 10.5(1)ES3 is affected.
Version 11.0(1) is affected.
Version 11.6(1)FIPS is affected.
Version 11.6(1)ES4 is affected.
Version 11.0(1)ES3 is affected.
Version 10.5(1)ES6 is affected.
Version 11.0(1)ES7 is affected.
Version 11.5(1)ES4 is affected.
Version 10.5(1)ES8 is affected.
Version 11.5(1) is affected.
Version 11.6(1) is affected.
Version 10.5(1)ES10 is affected.
Version 11.6(1)ES2 is affected.
Version 11.6(1)ES is affected.
Version 11.0(1)ES6 is affected.
Version 11.0(1)ES4 is affected.
Version 12.0(1) is affected.
Version 11.6(1)ES7 is affected.
Version 10.5(1)ES7 is affected.
Version 11.6(1)ES8 is affected.
Version 11.5(1)ES1 is affected.
Version 11.6(1)ES1 is affected.
Version 11.5(1)ES5 is affected.
Version 11.0(1)ES1 is affected.
Version 10.5(1) is affected.
Version 11.6(1)ES6 is affected.
Version 10.5(1)ES2 is affected.
Version 12.0(1)ES1 is affected.
Version 11.0(1)ES5 is affected.
Version 10.5(1)ES5 is affected.
Version 11.5(1)ES3 is affected.
Version 11.5(1)ES2 is affected.
Version 10.5(1)ES9 is affected.
Version 11.6(1)ES5 is affected.
Version 11.6(1)ES9 is affected.
Version 11.5(1)ES6 is affected.
Version 10.5(1)ES1 is affected.
Version 12.5(1) is affected.
Version 12.0(1)ES3 is affected.
Version 11.6(1)ES10 is affected.
Version 12.5(1)ES1 is affected.
Version 12.5(1)ES2 is affected.
Version 12.0(1)ES4 is affected.
Version 12.5(1)ES3 is affected.
Version 12.0(1)ES5 is affected.
Version 12.5(1)ES4 is affected.
Version 12.0(1)ES6 is affected.
Version 12.5(1)ES5 is affected.
Version 12.5(1)ES6 is affected.
Version 12.0(1)ES7 is affected.
Version 12.6(1) is affected.
Version 12.5(1)ES7 is affected.
Version 11.6(1)ES11 is affected.
Version 12.6(1)ES1 is affected.
Version 12.0(1)ES8 is affected.
Version 12.5(1)ES8 is affected.
Version 12.6(1)ES2 is affected.
Version 12.6(1)ES3 is affected.
Version 12.6(1)ES4 is affected.
Version 12.6(1)ES5 is affected.
Version 12.5(2) is affected.
Version 12.5(1)_SU is affected.
Version 12.5(1)SU is affected.
Version 12.6(1)ES6 is affected.
Version 12.5(1)SU ES1 is affected.
Version 12.6(1)ES7 is affected.
Version 12.6(1)ES7_ET is affected.
Version 12.6(2) is affected.
Version 12.6(1)ES8 is affected.
Version 12.6(1)ES9 is affected.
Version 12.6(2)ES1 is affected.
Version 12.6(1)ES10 is affected.
Version 12.5(1)SU ES2 is affected.
Version 12.6(1)ES11 is affected.
Version 12.6(2)ES2 is affected.
Version 12.6(2)ES3 is affected.
Version 12.5(1)SU ES3 is affected.
Version 12.6(2)ES4 is affected.
Version 12.6(2)ES5 is affected.
Version 15.0(1) is affected.
Version 12.6(2)ES6 is affected.
Version 15.0(1)ES202508 is affected.
Version 15.0(1)ES202511 is affected.
Version 15.0(1)ES202602 is affected.
Version 15.0(1)SU1 is affected.
Version 12.6(2)ES7 is affected.