By Sead Fadilpašić
Publication Date: 2026-04-17 14:20:00
- Cisco patches four critical flaws in Webex Services, including SSO and Identity Services Engine RCE bugs
- No exploitation reported before fixes; users must update SAML certificates in Control Hub
- Separate IOS XE bug causes Wi‑Fi access points to bloat logs and fail updates, affecting 230+ models
Cisco has pushed a new patch to address four critical-severity vulnerabilities plaguing its cloud-based Webex Services platform – and has also warned Wi-Fi access points users of a bug in certain versions of IOS XE that could result in a device bootloop.
Webex Services is a platform for communication and collaboration, letting people hold video meetings, send messages, make calls, and share files, all from one place.
It was found vulnerable to four flaws: CVE-2026-20184 (9.8/10 – a vulnerability in the integration of single sign-on (SSO)), CVE-2026-20147 (9.9/10 – a remote code execution bug in Cisco ISE and Cisco ISE-PIC), CVE-2026-20180, and CVE-2026-20186 (9.9/10 arbitrary code execution…