CVE Catalog

CVE-2026-20170

MediumCVSS 6.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.22%

13th percentile - higher than 13% of all known CVEs

Summary

A vulnerability in the Desktop Agent functionality of Cisco Webex Contact Center allowed an unauthenticated, remote attacker to perform cross-site scripting (XSS) attacks. The issue was due to improper handling of HTML and script content. Cisco has addressed this vulnerability in the service, requiring no customer action.

Risk Assessment

An attacker could trick a user into clicking a malicious link, potentially stealing sensitive information from the browser, including authentication and session data. This poses a significant risk to organizational data security.

Recommendation

No customer action is required as Cisco has automatically patched the vulnerability in the Cisco Webex Contact Center service. However, it is recommended to monitor Cisco security advisories.

Original NVD description (English source)

A vulnerability in the Desktop Agent functionality of Cisco Webex Contact Center could have allowed an unauthenticated, remote attacker to conduct cross-site scripting attacks. Cisco has addressed this vulnerability in the Cisco Webex Contact Center service, and no customer action is needed. This vulnerability existed because HTML and script content was not properly handled. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by persuading a user to follow a malicious link. A successful exploit could have allowed the attacker to steal sensitive information from the browser, including authentication and session information.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS