Cisco Systems issues three advisories for critical vulnerabilities in Webex, ISE
Summary
Cisco released security advisories for three critical vulnerabilities in Webex and Identity Services Engine (ISE) that could allow attackers to impersonate users, execute remote code (run commands on systems they don't control), or bypass access controls. The most urgent fix involves Webex administrators uploading a new identity provider (IdP, a service that verifies user identities) SAML certificate to the cloud-based Control Hub management portal, with no alternative workarounds available.
Solution / Mitigation
For the Webex vulnerability (CVE-2026-20184): Admins must upload a new identity provider SAML certificate to Webex Control Hub. The Webex support article on managing SSO integration directs customers to the Control Hub Alerts center to view installed certificates and their status, and provides an SSO wizard tool with step-by-step details to aid in updating certificates. For ISE vulnerabilities (CVE-2026-20147, CVE-2026-20148, CVE-2026-20180, CVE-2026-20186): The source states that Cisco issued patches but does not provide explicit update instructions or version numbers in the provided text.
Classification
Original source: https://www.csoonline.com/article/4159827/cisco-systems-issues-three-advisories-for-critical-vulnerabilities-in-webex-ise.html
First tracked: April 16, 2026 at 08:00 PM
Classified by LLM (prompt v3) · confidence: 95%