CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

Cisco Enterprise Chat and Email Lite Agent File Upload Vulnerability

mediumCVE-2026-20172
A vulnerability in the Lite Agent feature of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct browser-based attacks. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Agent . This vulnerability is due to inadequate validation of file contents during file upload operations. An attacker could exploit this vulnerability by uploading a file that contains malicious scripts or HTML code, which the application could make available to other users to access. A successful exploit could allow the attacker to execute the contents of that file in the browser of a user and conduct browser-based attacks. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-lite-agent-BCgSN8eb Security Impact Rating: Medium CVE: CVE-2026-20172

CSIRTS triage

What
A vulnerability in the Lite Agent feature could allow an authenticated attacker to conduct browser-based attacks.
Who is affected
Authenticated users of Cisco Enterprise Chat and Email are affected.
Urgency
Remediation is necessary to prevent potential browser-based attacks.
Action
Update to the latest version of Cisco Enterprise Chat and Email.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch Cisco Enterprise Chat and Email

Get an email when a new Cisco Enterprise Chat and Email advisory drops — max one per day, one-click unsubscribe.

Details

Source
Cisco Security Advisories (INTL · vendor-psirt · site)
Severity
medium
Published
2026-05-06
Exploitation
Not in CISA KEV at last sync

Original advisory: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-lite-agent-BCgSN8eb?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Enterprise%20Chat%20and%20Email%20Lite%20Agent%20File%20Upload%20Vulnerability%26vs_k=1

Exploitation outlook

EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.

Referenced CVEs

CVECSIRTS overviewExternal
CVE-2026-20172coverage & exploitation statusNVD · CVE.org

More from Cisco Security Advisories