CVE-2026-20178
A vulnerability in the browser-based version of Cisco Webex App could have allowed an unauthenticated, remote attacker to redirect users to a malicious webpage. Cisco has addressed this vulnerability in the Cisco Webex App, and no customer action is needed. This vulnerability existed due to improper input validation of URL parameters in an HTTP request. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by persuading a user to click a crafted URL. A successful exploit could have allowed the attacker to redirect a user to a malicious website. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-app-redirect-KOyxhffH Security Impact Rating: Medium CVE: CVE-2026-20178
CSIRTS triage
- What
- An open redirect vulnerability could allow an unauthenticated attacker to redirect users to a malicious webpage.
- Who is affected
- Users of the browser-based version of Cisco Webex App.
- Urgency
- Remediation is important as it could lead to user redirection to malicious sites.
- Action
- Users should ensure they are using the updated version of Cisco Webex App.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch CVE-2026-20178
Get an email if CVE-2026-20178 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.
Exploitation outlook
- Low exploitation risk0.20% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 10% of all EPSS-scored CVEs.
Advisory coverage (1)
- mediumCisco Webex App Open Redirect Vulnerabilitycisco-psirt · 2026-06-17
External references
Embed the live status
— this badge updates automatically when the KEV or exploit status changes. How to embed it →
[](https://www.csirts.com/cve/CVE-2026-20178)