Ce mail provient de l'extérieur, restons vigilants ===================================================================== CERT-Renater Note d'Information No. 2026/VULN394 _____________________________________________________________________ DATE : 16/04/2026 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Systems running Cisco Identity Services Engine, Cisco Webex Services, Cisco Identity Services Engine, Cisco Unity Connection, Cisco ThousandEyes Enterprise Agent, Cisco Secure Web Appliance. ===================================================================== https://sec.cloudapps.cisco.com/security/center/publicationListing.x _____________________________________________________________________ Below is the list of Cisco Security Advisories published by Cisco PSIRT on 2026-April-15. The following PSIRT security advisories (3 Critical, 7 Medium) were published at 16:00 UTC today. Table of Contents: 1) Cisco Identity Services Engine Remote Code Execution Vulnerabilities - SIR: Critical 2) Cisco Webex Services Certificate Validation Vulnerability - SIR: Critical 3) Cisco Identity Services Engine Remote Code Execution and Path Traversal Vulnerabilities - SIR: Critical 4) Cisco Unity Connection Arbitrary File Download Vulnerabilities - SIR: Medium 5) Cisco ThousandEyes Enterprise Agent Arbitrary File Overwrite Vulnerability - SIR: Medium 6) Cisco Webex Contact Center Cross-Site Scripting Vulnerability - SIR: Medium 7) Cisco Identity Services Engine Authenticated Privilege Escalation Vulnerability - SIR: Medium 8) Cisco Unity Connection Cross-Site Scripting, Open Redirect, and SQL Injection Vulnerabilities - SIR: Medium 9) Cisco Identity Services Engine Multiple Cross-Site Scripting Vulnerabilities - SIR: Medium 10) Cisco Secure Web Appliance Authentication Bypass Vulnerability - SIR: Medium +-------------------------------------------------------------------- 1) Cisco Identity Services Engine Remote Code Execution Vulnerabilities CVE-2026-20180, CVE-2026-20186 SIR: Critical CVSS Score v(3.1): 9.9 URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-4fverepv ["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-4fverepv"] +-------------------------------------------------------------------- 2) Cisco Webex Services Certificate Validation Vulnerability CVE-2026-20184 SIR: Critical CVSS Score v(3.1): 9.8 URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-cui-cert-8jSZYhWL ["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-cui-cert-8jSZYhWL"] +-------------------------------------------------------------------- 3) Cisco Identity Services Engine Remote Code Execution and Path Traversal Vulnerabilities CVE-2026-20147, CVE-2026-20148 SIR: Critical CVSS Score v(3.1): 9.9 URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-traversal-8bYndVrZ ["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-traversal-8bYndVrZ"] +-------------------------------------------------------------------- 4) Cisco Unity Connection Arbitrary File Download Vulnerabilities CVE-2026-20078, CVE-2026-20081 SIR: Medium CVSS Score v(3.1): 6.5 URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-unity-file-download-RmKEVWPx ["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-unity-file-download-RmKEVWPx"] +-------------------------------------------------------------------- 5) Cisco ThousandEyes Enterprise Agent Arbitrary File Overwrite Vulnerability CVE-2026-20161 SIR: Medium CVSS Score v(3.1): 5.5 URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-te-agentfilewrite-tqUw3SMU ["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-te-agentfilewrite-tqUw3SMU"] +-------------------------------------------------------------------- 6) Cisco Webex Contact Center Cross-Site Scripting Vulnerability CVE-2026-20170 SIR: Medium CVSS Score v(3.1): 6.1 URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webexcc-xss-WEX5nUnA ["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webexcc-xss-WEX5nUnA"] +-------------------------------------------------------------------- 7) Cisco Identity Services Engine Authenticated Privilege Escalation Vulnerability CVE-2026-20136 SIR: Medium CVSS Score v(3.1): 6.0 URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-cmd-inj-5WSJcYJB ["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-cmd-inj-5WSJcYJB"] +-------------------------------------------------------------------- 8) Cisco Unity Connection Cross-Site Scripting, Open Redirect, and SQL Injection Vulnerabilities CVE-2026-20059, CVE-2026-20060, CVE-2026-20061 SIR: Medium CVSS Score v(3.1): 6.1 URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-unity-vulns-n2EJSbbw ["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-unity-vulns-n2EJSbbw"] +-------------------------------------------------------------------- 9) Cisco Identity Services Engine Multiple Cross-Site Scripting Vulnerabilities CVE-2026-20132 SIR: Medium CVSS Score v(3.1): 4.8 URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-isexss-BS8ctE7U ["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-isexss-BS8ctE7U"] +-------------------------------------------------------------------- 10) Cisco Secure Web Appliance Authentication Bypass Vulnerability CVE-2026-20152 SIR: Medium CVSS Score v(3.1): 5.3 URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-auth-bypass-6YZkTQhd ["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-auth-bypass-6YZkTQhd"] ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23/25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email:cert@support.renater.fr + =========================================================