Cisco Patches Critical Vulnerabilities in Webex, ISE

Cisco Patches Critical Vulnerabilities in Webex, ISE

By Ionut Arghire
Publication Date: 2026-04-16 10:04:00

Cisco on Wednesday announced patches for 15 vulnerabilities, including critical-severity flaws in Webex and Identity Services Engine (ISE).

Tracked as CVE-2026-20184, the critical Webex bug impacts the single sign-on (SSO) integration with Control Hub and could allow remote, unauthenticated attackers to impersonate any user, Cisco says.

An improper certificate validation could have allowed attackers to connect to a service endpoint and supply a crafted token to access legitimate Webex services without authorization.

While the company has addressed the issue in Webex Services, which are cloud-based, customers using SSO “should upload a new identity provider (IdP) SAML certificate to Control Hub,” Cisco explains.

On Wednesday, the company fixed three critical security defects in ISE, two of which – CVE-2026-20180 and CVE-2026-20186 – could allow remote, authenticated attackers that have read-only admin rights to execute arbitrary commands on the underlying…