Cisco Webex Services Certificate Validation Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-cui-cert-8jSZYhWL?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Webex%20Services%20Certificate%20Validation%20Vulnerability%26vs_k=1
A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services could have allowed an unauthenticated, remote attacker to impersonate any user within the service.
This vulnerability existed because of improper certificate validation. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by connecting to a service endpoint and supplying a crafted token. A successful exploit could have allowed the attacker to gain unauthorized access to legitimate Cisco Webex services.
Cisco has addressed this vulnerability in the Cisco Webex service. However, customer action is necessary for affected organizations that are using SSO integration. There are no workarounds that address this vulnerability.
To avoid service interruption, customers who are using SSO should upload a new identity provider (IdP) SAML certificate to Control Hub. For more information, see Manage single sign-on integration in Control Hub (https://help.webex.com/en-us/article/nstvmyo/Manage-single-sign-on-integration-in-Control-Hub#task_394598AFBCD3D73A488E6DBB99AD3214).
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-cui-cert-8jSZYhWL
Security Impact Rating: Critical
CVE: CVE-2026-20184
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-cui-cert-8jSZYhWL?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Webex%20Services%20Certificate%20Validation%20Vulnerability%26vs_k=1
A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services could have allowed an unauthenticated, remote attacker to impersonate any user within the service.
This vulnerability existed because of improper certificate validation. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by connecting to a service endpoint and supplying a crafted token. A successful exploit could have allowed the attacker to gain unauthorized access to legitimate Cisco Webex services.
Cisco has addressed this vulnerability in the Cisco Webex service. However, customer action is necessary for affected organizations that are using SSO integration. There are no workarounds that address this vulnerability.
To avoid service interruption, customers who are using SSO should upload a new identity provider (IdP) SAML certificate to Control Hub. For more information, see Manage single sign-on integration in Control Hub (https://help.webex.com/en-us/article/nstvmyo/Manage-single-sign-on-integration-in-Control-Hub#task_394598AFBCD3D73A488E6DBB99AD3214).
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-cui-cert-8jSZYhWL
Security Impact Rating: Critical
CVE: CVE-2026-20184
❤1
Cisco Identity Services Engine Remote Code Execution Vulnerabilities
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-4fverepv?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Identity%20Services%20Engine%20Remote%20Code%20Execution%20Vulnerabilities%26vs_k=1
Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit these vulnerabilities, the attacker must have at least Read Only Admin credentials.
These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. In single-node Cisco ISE deployments, successful exploitation of these vulnerabilities could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-4fverepv
Security Impact Rating: Critical
CVE: CVE-2026-20180,CVE-2026-20186
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-4fverepv?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Identity%20Services%20Engine%20Remote%20Code%20Execution%20Vulnerabilities%26vs_k=1
Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit these vulnerabilities, the attacker must have at least Read Only Admin credentials.
These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. In single-node Cisco ISE deployments, successful exploitation of these vulnerabilities could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-4fverepv
Security Impact Rating: Critical
CVE: CVE-2026-20180,CVE-2026-20186
❤1
Cisco Identity Services Engine Multiple Cross-Site Scripting Vulnerabilities
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-isexss-BS8ctE7U?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Identity%20Services%20Engine%20Multiple%20Cross-Site%20Scripting%20Vulnerabilities%26vs_k=1
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative write privileges to conduct a stored cross-site scripting (XSS) attack or a reflected XSS attack against a user of the web-based management interface of an affected device.
These vulnerabilities are due to insufficient sanitization of user-supplied data that is stored in the web page. An attacker could exploit these vulnerabilities by convincing a user of the interface to click a specific link or view an affected web page. The injected script code may be executed in the context of the web-based management interface or allow the attacker to access sensitive browser-based information.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-isexss-BS8ctE7U
Security Impact Rating: Medium
CVE: CVE-2026-20132
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-isexss-BS8ctE7U?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Identity%20Services%20Engine%20Multiple%20Cross-Site%20Scripting%20Vulnerabilities%26vs_k=1
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative write privileges to conduct a stored cross-site scripting (XSS) attack or a reflected XSS attack against a user of the web-based management interface of an affected device.
These vulnerabilities are due to insufficient sanitization of user-supplied data that is stored in the web page. An attacker could exploit these vulnerabilities by convincing a user of the interface to click a specific link or view an affected web page. The injected script code may be executed in the context of the web-based management interface or allow the attacker to access sensitive browser-based information.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-isexss-BS8ctE7U
Security Impact Rating: Medium
CVE: CVE-2026-20132
👍1
Cisco just made moves to own the AI infrastructure stack
https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2026/m04/cisco-just-made-moves-to-own-the-ai-infrastructure-stack.html?source=rss
https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2026/m04/cisco-just-made-moves-to-own-the-ai-infrastructure-stack.html?source=rss
By bulking up AI observability with Galileo and identity with Astrix, Cisco is repositioning its secure network as the control plane for the agentic era.
More RSS Feeds: https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html (https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html?source=rss)
More RSS Feeds: https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html (https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html?source=rss)
Churchill Downs Designates Cisco as Official Enterprise Networking and Network Infrastructure Partner of the Kentucky Derby
https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2026/m04/churchill-downs-designates-cisco-as-official-enterprise-networking-and-network-infrastructure-partner-of-the-kentucky-derby.html?source=rss
https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2026/m04/churchill-downs-designates-cisco-as-official-enterprise-networking-and-network-infrastructure-partner-of-the-kentucky-derby.html?source=rss
Cisco and Churchill Downs Incorporated today announced a multi-year partnership to significantly enhance the networking capabilities at the historic Churchill Downs Racetrack.
More RSS Feeds: https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html (https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html?source=rss)
More RSS Feeds: https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html (https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html?source=rss)
❤1
One day with our customers: driving better outcomes through customer centricity
https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2026/m04/one-day-with-our-customers-driving-better-outcomes-through-customer-centricity.html?source=rss
https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2026/m04/one-day-with-our-customers-driving-better-outcomes-through-customer-centricity.html?source=rss
Cisco’s "One Day at Your Customer" initiative brings teams into client sites to listen and learn, ensuring we better support their business and drive success.
More RSS Feeds: https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html (https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html?source=rss)
More RSS Feeds: https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html (https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html?source=rss)
👍2
From automation to autonomy: Cisco and Rockwell power a new era for manufacturing
https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2026/m04/from-automation-to-autonomy-cisco-and-rockwell-power-a-new-era-for-manufacturing.html?source=rss
https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2026/m04/from-automation-to-autonomy-cisco-and-rockwell-power-a-new-era-for-manufacturing.html?source=rss
❤1
Learn how Cisco's partnership with Rockwell is driving industrial autonomy, a key to enabling scalable infrastructure across all environments.
More RSS Feeds: https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html (https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html?source=rss)
More RSS Feeds: https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html (https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html?source=rss)
❤1
Next-level farming: vertical, efficient, and AI powered
https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2026/m04/next-level-farming-vertical-efficient-and-ai-powered.html?source=rss
https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2026/m04/next-level-farming-vertical-efficient-and-ai-powered.html?source=rss
❤1
Planet Farms’ Massimo Mistretta on how Cisco supports agriculture that addresses a changing climate, food access, soil depletion, and more.
More RSS Feeds: https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html (https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html?source=rss)
More RSS Feeds: https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html (https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html?source=rss)
❤2
Energy will define the scale of AI
https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2026/m04/energy-will-define-the-scale-of-ai.html?source=rss
https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2026/m04/energy-will-define-the-scale-of-ai.html?source=rss
Learn how Cisco is partnering with other organizations to ensure responsible, energy-efficient, and trustworthy AI development.
More RSS Feeds: https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html (https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html?source=rss)
More RSS Feeds: https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html (https://newsroom.cisco.com/c/r/newsroom/en/us/rss-feeds.html?source=rss)