**Cisco** has issued security patches for four critical vulnerabilities, one of which necessitates immediate action from customers using the company's cloud-based **Webex Services** platform due to an improper certificate validation flaw. **Webex Services** is designed to unify communication across hybrid work environments, enabling seamless collaboration through calls, meetings, and messaging, regardless of location or device. ### Webex Vulnerability: CVE-2026-20184 The **Webex** vulnerability, tracked as **CVE-2026-20184**, lies within the single sign-on (SSO) integration with **Control Hub**, a web-based portal used by IT administrators to manage **Webex** settings. This flaw allows remote, unprivileged attackers to impersonate any user. "Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by connecting to a service endpoint and supplying a crafted token," **Cisco** explained in its advisory. "A successful exploit could have allowed the attacker to gain unauthorized access to legitimate **Cisco Webex** services." While **Cisco** has patched the vulnerability within the **Cisco Webex** service, customers using SSO integration are urged to upload a new SAML certificate for their identity provider (IdP) to **Control Hub** to prevent service disruptions. ### Identity Services Engine (ISE) Vulnerabilities In addition to the **Webex** flaw, **Cisco** addressed three critical security vulnerabilities (**CVE-2026-20147**, **CVE-2026-20180**, and **CVE-2026-20186**) within the **Identity Services Engine (ISE)**, a security policy management platform. Successful exploitation of these vulnerabilities could allow attackers to execute arbitrary commands on the underlying operating system, regardless of device configuration. However, this requires administrative credentials on the targeted systems. ### Additional Vulnerabilities and Mitigation The complete list of security issues addressed this week includes 10 medium-severity flaws that could lead to authentication bypass, privilege escalation, and denial-of-service conditions. A comprehensive list can be found [here](https://sec.cloudapps.cisco.com/security/center/publicationListing.x). **Cisco**'s Product Security Incident Response Team (PSIRT) has stated that they have no evidence suggesting any of these vulnerabilities have been exploited in the wild. ### Recent CISA Order Last month, the Cybersecurity and Infrastructure Security Agency (**CISA**) mandated federal agencies to patch a maximum-severity vulnerability (**CVE-2026-20131**) in **Cisco**'s Secure Firewall Management Center (FMC). This vulnerability was exploited as a zero-day in **Interlock** ransomware attacks starting in late January 2026.