CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

Cisco Webex App Open Redirect Vulnerability

mediumCVE-2026-20178
A vulnerability in the browser-based version of Cisco Webex App could have allowed an unauthenticated, remote attacker to redirect users to a malicious webpage. Cisco has addressed this vulnerability in the Cisco Webex App, and no customer action is needed. This vulnerability existed due to improper input validation of URL parameters in an HTTP request. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by persuading a user to click a crafted URL. A successful exploit could have allowed the attacker to redirect a user to a malicious website. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-app-redirect-KOyxhffH Security Impact Rating: Medium CVE: CVE-2026-20178

CSIRTS triage

What
An open redirect vulnerability could allow an unauthenticated attacker to redirect users to a malicious webpage.
Who is affected
Users of the browser-based version of Cisco Webex App.
Urgency
Remediation is important as it could lead to user redirection to malicious sites.
Action
Users should ensure they are using the updated version of Cisco Webex App.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch Webex App

Get an email when a new Webex App advisory drops — max one per day, one-click unsubscribe.

Details

Source
Cisco Security Advisories (INTL · vendor-psirt · site)
Severity
medium
Published
2026-06-17
Exploitation
Not in CISA KEV at last sync

Original advisory: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-app-redirect-KOyxhffH?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Webex%20App%20Open%20Redirect%20Vulnerability%26vs_k=1

Exploitation outlook

EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.

Referenced CVEs

CVECSIRTS overviewExternal
CVE-2026-20178coverage & exploitation statusNVD · CVE.org

More from Cisco Security Advisories