CVE-2026-20149 MEDIUM

CVE-2026-20149

Vendor Cisco

Product Cisco Webex Meetings

Weakness CWE-79 · XSS

Published March 4, 2026

Last update March 4, 2026

View on NVD All CVEs

CVSS base score

6.1/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

A vulnerability in Cisco Webex could have allowed an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Cisco has addressed this vulnerability, and no customer action is needed. This vulnerability was due to improper filtering of user-supplied input. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by persuading a user to follow a malicious link. A successful exploit could have allowed the attacker to conduct an XSS attack against the targeted user.

Key dates

02Disclosure timeline

March 4, 2026 CVE published

March 4, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-20149 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

CVE-2026-20149

01Description

02Disclosure timeline

03References

04Related CVE