Cisco has pushed a new patch to address four critical-severity vulnerabilities plaguing its cloud-based Webex Services platform – and has also warned Wi-Fi access points users of a bug in certain versions of IOS XE that could result in a device bootloop.
Webex Services is a platform for communication and collaboration, letting people hold video meetings, send messages, make calls, and share files, all from one place. It was found vulnerable to four flaws: CVE-2026-20184 (9.8/10 – a vulnerability in the integration of single sign-on (SSO)), CVE-2026-20147 (9.9/10 – a remote code execution bug in Cisco ISE and Cisco ISE-PIC), CVE-2026-20180, and CVE-2026-20186 (9.9/10 arbitrary code execution flaws in Cisco Identity Services Engine).
Read more…
Source: TechRadar News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Cisco tells Webex users to patch critical security flaws immediately
April 17, 2026
Cisco has pushed a new patch to address four critical-severity vulnerabilities plaguing its cloud-based Webex Services platform – and has also warned Wi-Fi access points users of a bug in certain versions of IOS XE that could result in a device bootloop. Webex Services is a platform for communication and collaboration, letting people hold video meetings, ...
- Disgruntled researcher releases second major Windows zero-day
April 17, 2026
The same disgruntled researcher who recently disclosed a zero-day vulnerability in Windows has now done it again, this time targeting Microsoft Defender, the operating system’s native antivirus solution. A researcher with the alias “Chaotic Eclipse” has posted a proof-of-concept (PoC) exploit for a vulnerability they named “RedSun”. It is a local privilege escalation flaw that allows ...
- Patch these critical Fortinet sandbox bugs that let attackers bypass login, run commands over HTTP
April 15, 2026
Watch out for more Fortinet vulns! Two critical bugs in Fortinet’s sandbox could allow unauthenticated attackers to bypass authentication or execute unauthorized code on vulnerable systems. Luckily, the security vendor has issued fixes – so patch now – and so far, there are no reports of active exploitation. But considering that the vulnerabilities are now public, ...
- Patch Tuesday – April 2026
April 14, 2026
Microsoft is publishing 167 vulnerabilities on April 2026 Patch Tuesday. Microsoft is aware of exploitation in the wild for one of today’s vulnerabilities, and public disclosure for one other. Microsoft evaluates 19 of the vulnerabilities published today as more likely to see future exploitation. So far this month, Microsoft has provided patches to address 80 browser ...
- Zombie Microsoft bugs rise from the dead, pave way for crims and ransomware scum
April 13, 2026
Crooks are exploiting four Microsoft vulnerabilities – one patched 14 years ago and another tied to ransomware activity – according to America’s lead cyber-defense agency, which on Monday gave federal agencies two weeks to patch them. The four vulnerabilities added to CISA’s Known Exploited Vulnerabilities (KEV) catalog on Monday are: CVE-2025-60710, a link-following vulnerability in Windows ...
- Attackers exploited critical FortiClient EMS bug as a 0-day
April 6, 2026
Fortinet released an emergency patch over the weekend for a critical FortiClient Enterprise Management Server (EMS) bug believed to be under attack since at least March 31. The flaw, tracked as CVE-2026-35616, is an improper access control vulnerability that allows unauthenticated attackers to execute unauthorized code or commands via crafted requests. It earned a critical 9.1 ...