Cisco's Critical Vulnerabilities: What You Need to Know

The most notable vulnerability, tracked as CVE-2026-20184 with a CVSS score of 9.8, stems from improper certificate validation in the single sign-on integration with Control Hub in Cisco Webex Services. The flaw could have allowed an unauthenticated, remote attacker to impersonate any user within the service by connecting to a service endpoint and supplying a crafted token.

"A successful exploit could have allowed the attacker to gain unauthorized access to legitimate Cisco Webex services," Cisco said in its advisory. While the company has already addressed the vulnerability on its cloud-based platform, it warned that customers using SSO integration must upload a new SAML certificate for their identity provider to Control Hub to avoid service disruption.

The remaining three vulnerabilities affect Cisco's Identity Services Engine, a widely used security policy management platform. CVE-2026-20147, which carries a CVSS score of 9.9, is an input validation flaw in ISE and ISE Passive Identity Connector that could allow an authenticated attacker with valid administrative credentials to achieve remote code execution through crafted HTTP requests.

Two additional ISE flaws, CVE-2026-20180 and CVE-2026-20186, also scored 9.9 on the CVSS scale. These vulnerabilities could allow an attacker with read-only admin credentials to execute arbitrary commands on the underlying operating system and escalate privileges to root. Cisco noted that in single-node ISE deployments, exploitation could cause the affected node to become unavailable, blocking unauthenticated endpoints from accessing the network.

In total, Cisco patched 15 vulnerabilities across its product lineup on Wednesday, with these four critical flaws drawing the most urgent attention. The Canadian Centre for Cyber Security issued an advisory the same day, highlighting the ISE and Webex updates.

Cisco's Product Security Incident Response Team said it had found no evidence that any of the four critical vulnerabilities had been exploited in the wild. The ISE patches are available across multiple release branches, with ISE Release 3.5 not affected by CVE-2026-20180 and CVE-2026-20186. The updates arrive amid a turbulent stretch for Cisco's security posture, following active exploitation of a separate critical IOS XE zero-day disclosed earlier this month.