Scan free
Pending AnalysisCVE-2026-20170

CVE-2026-20170: XSS in Cisco Webex Contact Center

Platform

cisco

Component

webex-contact-center

View on NVD
Save

CVE-2026-20170 describes a Cross-Site Scripting (XSS) vulnerability affecting the Desktop Agent functionality of Cisco Webex Contact Center. Successful exploitation could allow an unauthenticated, remote attacker to inject malicious scripts into a user's browser, potentially leading to information theft. Cisco has addressed this vulnerability in the Webex Contact Center service, and no customer action is currently required.

Impact and Attack Scenarios

The primary impact of this XSS vulnerability lies in the potential for attackers to execute arbitrary JavaScript code within the context of a user's Webex Contact Center session. This could allow an attacker to steal sensitive information, such as session cookies, authentication tokens, or personally identifiable information (PII) entered by the user. Furthermore, an attacker could potentially redirect the user to a malicious website, impersonate the user, or perform actions on their behalf. The scope of the attack is limited to users interacting with the Desktop Agent, but the potential for data compromise remains significant.

Exploitation Context

CVE-2026-20170 was published on April 15, 2026. The vulnerability's severity is rated as Medium (CVSS 6.1). There are currently no publicly known Proof-of-Concept (POC) exploits available. The vulnerability is not listed on KEV or EPSS, suggesting a low probability of active exploitation at this time. Refer to the official Cisco advisory for further details.

Threat Intelligence

Exploit Status

Proof of ConceptUnknown
CISA KEVNO
Internet ExposureHigh

EPSS

0.06% (20% percentile)

CVSS Vector

THREAT INTELLIGENCE· CVSS 3.1CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N6.1MEDIUMAttack VectorNetworkHow the attacker reaches the targetAttack ComplexityLowConditions required to exploitPrivileges RequiredNoneAuthentication level needed to attackUser InteractionRequiredWhether a victim must take actionScopeChangedImpact beyond the vulnerable componentConfidentialityLowRisk of sensitive data exposureIntegrityLowRisk of unauthorized data modificationAvailabilityNoneRisk of service disruptionnextguardhq.com · CVSS v3.1 Base Score
What do these metrics mean?
Attack Vector
Network — remotely exploitable over the internet. No physical or local access required. Widest attack surface.
Attack Complexity
Low — no special conditions required. Attacker can exploit reliably without depending on rare configurations or timing.
Privileges Required
None — unauthenticated. No login or credentials needed to exploit.
User Interaction
Required — victim must take an action: open a file, click a link, or visit a crafted page.
Scope
Changed — successful attack can pivot beyond the vulnerable component to other systems or the host OS.
Confidentiality
Low — partial or indirect data access. Attacker gains limited information.
Integrity
Low — attacker can modify some data with limited scope or impact.
Availability
None — no availability impact. Service remains fully operational.

Affected Software

Componentwebex-contact-center
VendorCisco
Minimum versionN/A
Maximum versionN/A

Weakness Classification (CWE)

CWE-80

Timeline

  1. Published
  2. EPSS updated

Mitigation and Workarounds

Cisco has released a fix for CVE-2026-20170 within the Cisco Webex Contact Center service. As no customer action is needed, ensure your Webex Contact Center deployment is automatically updated to the latest version. While a direct workaround isn't applicable since a fix is available, monitor Webex Contact Center logs for any unusual activity or suspicious URLs being accessed by users. Consider implementing a Web Application Firewall (WAF) with XSS filtering rules as a preventative measure against similar vulnerabilities in other applications.

How to fix

Cisco ha solucionado esta vulnerabilidad en el servicio Cisco Webex Contact Center. No se requiere ninguna acción por parte del cliente.

Frequently asked questions

What is CVE-2026-20170 — XSS in Cisco Webex Contact Center?

CVE-2026-20170 is a Cross-Site Scripting (XSS) vulnerability in the Desktop Agent of Cisco Webex Contact Center, allowing attackers to inject malicious scripts. Cisco has released a fix, and no customer action is needed.

Am I affected by CVE-2026-20170 in Cisco Webex Contact Center?

If you are using Cisco Webex Contact Center, you are potentially affected. However, Cisco has released a fix, and no customer action is needed if your deployment is automatically updated.

How do I fix CVE-2026-20170 in Cisco Webex Contact Center?

Cisco has released a fix within the Webex Contact Center service. Ensure your deployment is automatically updated to the latest version. No manual intervention is required.

Is CVE-2026-20170 being actively exploited?

Currently, there are no publicly known Proof-of-Concept exploits or reports of active exploitation for CVE-2026-20170.

Where can I find the official Cisco advisory for CVE-2026-20170?

Please refer to the official Cisco Security Advisory for CVE-2026-20170 on the Cisco website (link to be added when available).

Is your project affected?

Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.

Scan freeSearch CVEs
livefree scan

Try it now — no account

Upload any manifest (composer.lock, package-lock.json, WordPress plugin list…) or paste your component list. You get a vulnerability report instantly. Uploading a file is just the start: with an account you get continuous monitoring, Slack/email alerts, multi-project and white-label reports.

Manual scanSlack/email alertsContinuous monitoringWhite-label reports

Drag & drop your dependency file

composer.lock, package-lock.json, requirements.txt, Gemfile.lock, pubspec.lock, Dockerfile...