MUST READ

Cisco fixed four critical flaws in Identity Services and Webex

 | 

Cookeville Regional Medical Center hospital data breach impacts 337,917 people

 | 

AI platform n8n abused for stealthy phishing and malware delivery

 | 

From clinics to government: UAC-0247 expands cyber campaign across Ukraine

 | 

Sweden reports cyberattack attempt on heating plant amid rising energy threats

 | 

CVE-2026-33032: severe nginx-ui bug grants unauthenticated server access

 | 

U.S. CISA adds Microsoft SharePoint Server, and Microsoft Office Excel flaws to its Known Exploited Vulnerabilities catalog

 | 

Mirax malware campaign hits 220K accounts, enables full remote control

 | 

PHP Composer flaws enable remote command execution via Perforce VCS

 | 

Microsoft Patch Tuesday for April 2026 fixed actively exploited SharePoint zero-day

 | 

Personal data of 1 million gym members compromised in Basic-Fit security incident

 | 

US, UK and Canada disrupt $45M crypto theft in Operation Atlantic

 | 

ShinyHunters claim the hack of Rockstar Games breach and started leaking data

 | 

Attackers target unpatched ShowDoc servers via CVE-2025-0520

 | 

U.S. CISA adds Adobe, Fortinet, Microsoft Exchange Server, and Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog

 | 

Fake Claude AI installer abuses DLL sideloading to deploy PlugX

 | 

Hackers access Booking.com user data, company secures systems

 | 

iPhone forensics expose Signal messages after app removal in U.S. case

 | 

Citizen Lab: Webloc tracked 500M devices for global law enforcement

 | 

Iran-linked group Handala claims to have breached three major UAE organizations

 | 

Cisco fixed four critical flaws in Identity Services and Webex

Pierluigi Paganini April 16, 2026

Cisco fixed four critical flaws in Identity Services and Webex that could allow code execution and user impersonation.

Cisco has addressed four critical vulnerabilities affecting its Identity Services and Webex platforms. The flaws could allow attackers to execute arbitrary code and impersonate any user within the affected services. The issues pose serious security risks, prompting urgent updates to protect systems and prevent potential exploitation.

Below are the descriptions of the flaws:

  • CVE-2026-20184 (CVSS 9.8): An improper certificate validation issue in Webex SSO integration with Control Hub could allow an unauthenticated remote attacker to impersonate any user and gain unauthorized access to Webex services.
  • CVE-2026-20147 (CVSS 9.9): An input validation flaw in Identity Services Engine (ISE) and ISE-PIC could let an authenticated attacker with admin credentials execute remote code via crafted HTTP requests.
  • CVE-2026-20180 / CVE-2026-20186 (CVSS 9.9): Input validation issues in ISE could allow attackers with read-only admin access to execute arbitrary OS commands using crafted HTTP requests.

Cisco says it has no evidence of public disclosure or active exploitation of these vulnerabilities.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Cisco)

CISCO CISCO WebEx Hacking hacking news information security news IT Information Security Pierluigi Paganini Security Affairs Security News

you might also like

Pierluigi Paganini April 16, 2026
Cookeville Regional Medical Center hospital data breach impacts 337,917 people
Read more
Pierluigi Paganini April 16, 2026
AI platform n8n abused for stealthy phishing and malware delivery
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Cisco fixed four critical flaws in Identity Services and Webex

Security / April 16, 2026

Cookeville Regional Medical Center hospital data breach impacts 337,917 people

Cyber Crime / April 16, 2026

AI platform n8n abused for stealthy phishing and malware delivery

Hacking / April 16, 2026

From clinics to government: UAC-0247 expands cyber campaign across Ukraine

APT / April 16, 2026

CVE-2026-33032: severe nginx-ui bug grants unauthenticated server access

Hacking / April 15, 2026