CISCO Security Advisory
Published Date: June 17, 2026
CVE: CVE-2026-20178
Advisory Summary
➤ Cisco has addressed a Medium severity vulnerability (CVE-2026-20178) in the browser-based Cisco Webex App that could allow unauthenticated, remote attackers to perform open redirect attacks. This flaw stemmed from improper input validation of URL parameters in HTTP requests, enabling malicious redirect manipulation if users clicked crafted URLs.
➤ With this vulnerability, attackers could have redirected users to malicious websites, posing phishing or malware risks. Cisco has released timely software updates resolving the issue, and importantly, no customer action beyond applying these updates is required. No effective workarounds exist.
🚨 IT professionals responsible for Cisco Webex deployment should prioritize applying the latest updates to mitigate the risk of redirect-based exploits and safeguard end users from malicious web redirects. Continuous monitoring for official advisories from Cisco remains essential.
-2026-20178
Reference: Vendor Advisory