Critical Arbitrary‑Code‑Execution Flaws in Cisco Identity Services & Webex (CVE‑2026‑20184) Threaten Enterprise Collaboration
What It Is – Cisco disclosed four critical vulnerabilities, the most severe being CVE‑2026‑20184 (CVSS 9.8), that allow arbitrary code execution and unrestricted user impersonation in its Identity Services Engine (ISE) and Webex suite.
Exploitability – A proof‑of‑concept for the certificate‑validation bypass is publicly available; no confirmed wild‑use yet, but the high CVSS score and active exploit tooling make exploitation highly probable.
Affected Products – Cisco Identity Services Engine (ISE) 2.9 +; Cisco Webex Meetings, Webex Teams, Webex Calling, and related SSO integration components.
TPRM Impact – Organizations that embed Cisco ISE for SSO or rely on Webex for internal/external communication face a supply‑chain risk: a compromised identity service can be leveraged to pivot into downstream SaaS applications, exfiltrate data, or disrupt critical business processes.
Recommended Actions –
- Deploy Cisco’s emergency patches for all four CVEs immediately.
- Enforce multi‑factor authentication (MFA) on all SSO flows and review token lifetimes.
- Conduct a forensic review of authentication logs for anomalous log‑ins or certificate anomalies.
- Segment Webex traffic from core corporate networks and apply zero‑trust controls.
- Update incident‑response playbooks to include a “Cisco Identity Services” compromise scenario.
Source: The Hacker News