Cisco Security Advisory

Published Date: June 3, 2026

CVE: CVE-2026-20175

Advisory Summary

❗️⚠️ Cisco Finesse Remote File Inclusion Vulnerability (CVE-2026-20175) ⚠️❗️

Cisco has identified a medium-severity Remote File Inclusion (RFI) vulnerability in its Cisco Finesse platform. This flaw arises from insufficient validation of user-supplied input in HTTP requests sent to affected devices. Exploitation could allow an unauthenticated, remote attacker to load arbitrary files into an active user session by convincing a user to click on a specially crafted link containing the target device’s address.

The risk centers on browser-based attacks: successful exploitation could execute malicious scripts in the context of the Cisco Finesse interface or give unauthorized access to sensitive device information. The vulnerability highlights the importance of input validation and secure session handling in customer interaction platforms.

Cisco has issued software updates that fully address this vulnerability; no workarounds are available. Organizations using Cisco Finesse should apply these security patches promptly to close off the attack vector and protect critical call center infrastructure.

Stay vigilant for phishing attempts using malicious links targeting Finesse users as part of exploitation efforts.
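One way to triage links from mail-gateway or proxy logs for the pattern described above is sketched below. It is an added example, not Cisco code. The advisory does not name the affected path or parameter, so the check inspects every parameter; the host names, the path and the `src` parameter are constructed placeholders.

```python
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed placeholders (assumptions, not values from the advisory).
FINESSE_HOSTS = {"finesse.example.internal"}
TRUSTED_HOSTS = FINESSE_HOSTS | {"cdn.example.internal"}


def _scheme_host(url):
    """Return (scheme, host) in lowercase, or ("", "") if the URL is malformed."""
    try:
        parts = urlsplit(url)
        return parts.scheme.lower(), (parts.hostname or "").lower()
    except ValueError:
        return "", ""


def _fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded values are still inspected."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.strip()


def external_refs(link):
    """List (parameter, host) pairs where a link to a Finesse host carries a
    parameter value that resolves to a host outside TRUSTED_HOSTS."""
    if _scheme_host(link)[1] not in FINESSE_HOSTS:
        return []
    parts = urlsplit(link)
    # Check the query string and the fragment: both travel inside a clicked link.
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    pairs += parse_qsl(parts.fragment, keep_blank_values=True)
    findings = []
    for name, raw in pairs:
        value = _fully_decode(raw).replace("\\", "/")
        if value.startswith("//"):  # protocol-relative reference
            value = "https:" + value
        scheme, host = _scheme_host(value)
        if scheme in ("http", "https") and host and host not in TRUSTED_HOSTS:
            findings.append((name, host))
    return findings
```

A non-empty result marks a link for analyst review; it is a heuristic and does not confirm exploitation of CVE-2026-20175.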


Reference: Vendor Advisory