CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-20178

mediumcovered by 1 sourcefirst seen 2026-06-17
A vulnerability in the browser-based version of Cisco Webex App could have allowed an unauthenticated, remote attacker to redirect users to a malicious webpage. Cisco has addressed this vulnerability in the Cisco Webex App, and no customer action is needed. This vulnerability existed due to improper input validation of URL parameters in an HTTP request. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by persuading a user to click a crafted URL. A successful exploit could have allowed the attacker to redirect a user to a malicious website. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-app-redirect-KOyxhffH Security Impact Rating: Medium CVE: CVE-2026-20178

CSIRTS triage

What
An open redirect vulnerability could allow an unauthenticated attacker to redirect users to a malicious webpage.
Who is affected
Users of the browser-based version of Cisco Webex App.
Urgency
Remediation is important as it could lead to user redirection to malicious sites.
Action
Users should ensure they are using the updated version of Cisco Webex App.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch CVE-2026-20178

Get an email if CVE-2026-20178 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (1)

External references

NVD record for CVE-2026-20178

CVE.org record

Embed the live status

CVE-2026-20178 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-20178 status](https://www.csirts.com/badge/CVE-2026-20178)](https://www.csirts.com/cve/CVE-2026-20178)