Critical Improper Certificate Validation in Cisco Webex Allows User Impersonation (CVSS 9.8)
Summary
The Centre for Cybersecurity Belgium issued a critical security warning for CVE-2026-20184, an improper certificate-validation vulnerability (CWE-295) affecting Cisco Webex versions 39.6 through 45.4. The vulnerability carries a CVSS 9.8 score and enables remote, unauthenticated attackers to impersonate any user within the Cisco Webex service by supplying a crafted token during SSO with Control Hub, potentially compromising confidentiality, integrity, and availability. CCB strongly recommends installing vendor updates with highest priority and upscaling monitoring and detection capabilities to identify suspicious activity.
“A remote threat actor without privileges or user interaction can connect to a service endpoint and supplying a crafted token to impersonate users, gain access to sensitive information and join meetings without authorization.”
Organizations using Cisco Webex with SSO and Control Hub should verify their current version against the affected range (39.6–45.4) and prioritize patching after testing. Given the critical CVSS 9.8 rating and the ability for unauthenticated remote exploitation, affected entities should also review access logs for any anomalous SSO tokens or unauthorized meeting joins that may indicate exploitation occurred before patching was applied.
About this source
GovPing monitors Belgium CCB News alt for new data privacy & cybersecurity regulatory changes. Every update since tracking began is archived, classified, and available as free RSS or email alerts — 3 changes logged to date.
What changed
CCB published a critical security warning for CVE-2026-20184, an improper certificate-validation vulnerability in Cisco Webex's SSO with Control Hub functionality affecting versions 39.6 through 45.4. The flaw carries a CVSS 9.8 (Critical) rating and allows a remote, unauthenticated attacker to impersonate any user by supplying a crafted token to a service endpoint, potentially gaining unauthorized access to sensitive information and meetings. All organizations running affected Cisco Webex deployments should apply vendor-released patches immediately and enhance monitoring to detect any related intrusion activity.
What to do next
- The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.
- The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity and ensure a swift response in case of an intrusion.
Archived snapshot
Apr 23, 2026GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.
Warning: Critical improper certificate‑validation in CISCO Webex that can lead to user impersonation, Patch Immediately!
Image
Published : 17/04/2026
- Last update: 17/04/2026
- Affected software: → CISCO Webex versions 39.6 - 45.4
- Type: improper certificate‑validation vulnerability (CWE‑295)
- CVE/CVSS → CVE-2026-20184: CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Sources
Risks
A critical improper-certificate-validation vulnerability in the SSO (single-sign-on) with Control Hub in CISCO Webex was disclosed by the vendor.
CISCO Webex is a cloud‑based collaboration and communication platform for video meetings.
If an attacker exploits CVE-2026-20184, they could gain unauthorized access to legitimate Cisco Webex services and impersonate any user within the service.
If exploited, this vulnerability could impact all aspects of the CIA triad: confidentiality, integrity, and availability of the affected system. There is no available proof-of-concept or proof-of-exploitation online.
Description
A remote threat actor without privileges or user interaction can connect to a service endpoint and supplying a crafted token to impersonate users, gain access to sensitive information and join meetings without authorization.
Recommended Actions
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity and ensure a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via https://ccb.belgium.be/en/cert/report-incident.
While patching appliances or software to the newest version may protect against future exploitation, it does not remediate historic compromise.
References
Parties
Related changes
Get daily alerts for Belgium CCB News alt
Daily digest delivered to your inbox.
Free. Unsubscribe anytime.
About this page
Every important government, regulator, and court update from around the world. One place. Real-time. Free. Our mission
Source document text, dates, docket IDs, and authority are extracted directly from CCB.
The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.
Classification
Who this affects
Taxonomy
Browse Categories
Get alerts for this source
We'll email you when Belgium CCB News alt publishes new changes.
Subscribed!
Optional. Filters your digest to exactly the updates that matter to you.