
Cisco has released security updates to patch four critical vulnerabilities, including an improper certificate validation flaw in the company’s cloud-based Webex Services platform that has already been fixed but requires further customer action.
Webex Services is a customer experience platform that unifies communication across hybrid work environments, enabling team members to call, meet, and message each other from any location or device.
Tracked as CVE-2026-20184, the Webex vulnerability was found in the single sign-on (SSO) integration with Control Hub (a web-based portal that helps IT admins manage Webex settings) and allows remote attackers with no privileges to impersonate any user.
“Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by connecting to a service endpoint and supplying a crafted token,” Cisco explained in a Wednesday advisory. “A successful exploit could have allowed the attacker to gain unauthorized access to legitimate Cisco Webex services.”
While the company has already addressed this security flaw in the Cisco Webex service, it warned customers who use SSO integration that they must upload a new SAML certificate for their identity provider (IdP) to Control Hub to avoid service interruption.
On Wednesday, the company also patched three critical security flaws (CVE-2026-20147, CVE-2026-20180, and CVE-2026-20186) in the Identity Services Engine (ISE) security policy management platform.
Attackers could exploit these vulnerabilities to execute arbitrary commands on the underlying operating system regardless of device configuration; however, successful exploitation requires administrative credentials on the targeted systems.
The complete list of security issues addressed this week also includes 10 medium-severity flaws that can be abused to bypass authentication, escalate privileges, and trigger denial-of-service states.
Cisco also added that its Product Security Incident Response Team (PSIRT) had no evidence that any of these vulnerabilities had been exploited in attacks.
Last month, the Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies to patch a maximum-severity vulnerability (CVE-2026-20131) in Cisco’s Secure Firewall Management Center (FMC) that had been exploited as a zero-day in Interlock ransomware attacks since late January 2026.



