SSO Impersonation via Improper Cert Validation in Cisco Webex Control Hub
CVE-2026-20184 Published on April 15, 2026
Cisco Webex Meetings Certificate Validation Vulnerability
A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services could have allowed an unauthenticated, remote attacker to impersonate any user within the service.
This vulnerability existed because of improper certificate validation. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by connecting to a service endpoint and supplying a crafted token. A successful exploit could have allowed the attacker to gain unauthorized access to legitimate Cisco Webex services.
Vulnerability Analysis
CVE-2026-20184 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.
Weakness Type
Improper Certificate Validation
The software does not validate, or incorrectly validates, a certificate. When a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host.
Products Associated with CVE-2026-20184
Want to know whenever a new CVE is published for Cisco Webex Meetings? stack.watch will email you.
Affected Versions
Cisco Webex Meetings:- Version 39.7.7 is affected.
- Version 39.9 is affected.
- Version 40.4.10 is affected.
- Version 39.6 is affected.
- Version 40.6.2 is affected.
- Version 39.8.2 is affected.
- Version 39.8.4 is affected.
- Version 40.1 is affected.
- Version 39.11 is affected.
- Version 39.7.4 is affected.
- Version 39.9.1 is affected.
- Version 40.4 is affected.
- Version 40.6 is affected.
- Version 39.7 is affected.
- Version 39.8 is affected.
- Version 39.8.3 is affected.
- Version 40.2 is affected.
- Version 39.10 is affected.
- Version 42.6 is affected.
- Version 42.7 is affected.
- Version 42.8 is affected.
- Version 42.9 is affected.
- Version 42.10 is affected.
- Version 42.11 is affected.
- Version 42.12 is affected.
- Version 43.1 is affected.
- Version 43.2 is affected.
- Version 43.3 is affected.
- Version 43.4 is affected.
- Version 43.4.1 is affected.
- Version 43.4.2 is affected.
- Version 43.5.0 is affected.
- Version 43.6.0 is affected.
- Version 43.6.1 is affected.
- Version 43.7 is affected.
- Version 43.8 is affected.
- Version 43.9 is affected.
- Version 43.10 is affected.
- Version 43.11 is affected.
- Version 43.12 is affected.
- Version 44.1 is affected.
- Version 44.2 is affected.
- Version 44.3 is affected.
- Version 44.4 is affected.
- Version 44.5 is affected.
- Version 44.6 is affected.
- Version 44.7 is affected.
- Version 44.8 is affected.
- Version 44.9 is affected.
- Version 44.10 is affected.
- Version 44.11 is affected.
- Version 44.12 is affected.
- Version 45.1 is affected.
- Version 45.2 is affected.
- Version 45.3 is affected.
- Version 45.4 is affected.