Cisco Enterprise Chat and Email Lite Agent File Upload Vulnerability
A vulnerability in the Lite Agent feature of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct browser-based attacks. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Agent . This vulnerability is due to inadequate validation of file contents during file upload operations. An attacker could exploit this vulnerability by uploading a file that contains malicious scripts or HTML code, which the application could make available to other users to access. A successful exploit could allow the attacker to execute the contents of that file in the browser of a user and conduct browser-based attacks. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-lite-agent-BCgSN8eb Security Impact Rating: Medium CVE: CVE-2026-20172
CSIRTS triage
- What
- A vulnerability in the Lite Agent feature could allow an authenticated attacker to conduct browser-based attacks.
- Who is affected
- Authenticated users of Cisco Enterprise Chat and Email are affected.
- Urgency
- Remediation is necessary to prevent potential browser-based attacks.
- Action
- Update to the latest version of Cisco Enterprise Chat and Email.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch Cisco Enterprise Chat and Email
Get an email when a new Cisco Enterprise Chat and Email advisory drops — max one per day, one-click unsubscribe.
Details
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Low exploitation riskCVE-2026-201720.13% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 3% of all scored CVEs.
Referenced CVEs
| CVE | CSIRTS overview | External |
|---|---|---|
| CVE-2026-20172 | coverage & exploitation status | NVD · CVE.org |
More from Cisco Security Advisories
- unknownCisco Advance Notification for Publication of July 15, 2026, Security Advisories2026-07-08
- criticalCisco Identity Services Engine Remote Code Execution and Information Disclosure Vulnerabilities2026-07-06
- highCisco Catalyst Center Arbitrary File Read Vulnerability2026-07-06
- highClamAV Vulnerabilities Affecting Cisco Products: July 20262026-07-02
- highCisco Advance Notification for Publication of July 1, 2026, Security Advisories2026-07-01