Wednesday , July 15 2026
Webex

Cisco Fixes Four Critical Identity Services and Webex Vulns for Code Execution

Cisco has updated to fix four security issues affecting Identity Services and Webex Services. These flaws could let someone run harmful code and pretend to be any user in the service.

The details of the vulnerabilities are below:

Microsoft Patch Tuesday July-2026 fixes 570 flaws, 3 zero-days

Microsoft's Patch Tuesday in July 2026 fixes around 570 security flaws in its products. This comes after June's big update,...
Read More
Microsoft Patch Tuesday July-2026 fixes 570 flaws, 3 zero-days

Fortinet Patches 7 Flaws In FortiOS, FortiProxy, FortiPAM, and FortiSandbox

Fortinet fixes seven new security warnings on July 14, 2026. These affect FortiOS, FortiProxy, FortiPAM, and FortiSandbox. The issues vary...
Read More
Fortinet Patches 7 Flaws In FortiOS, FortiProxy, FortiPAM, and FortiSandbox

CISA warns Cisco IOS flaw, while VMware flaw allows bypassing authentication

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned that hackers are using CVE-2008-4128, a CSRF flaw in Cisco...
Read More
CISA warns Cisco IOS flaw, while VMware flaw allows bypassing authentication

Meta’s louisiana data center to exceed 250 billion price tag

Meta announced on Monday that its data center in Richland Parish, Louisiana, will grow to 5 gigawatts of computing power....
Read More
Meta’s louisiana data center to exceed 250 billion price tag

Ransomware Crisis in 2026: 5,064 Organizations Affected in 135 Countries

Global ransomware attacks stayed very high in the first seven months of 2026. There were 5,064 confirmed victims in 135...
Read More
Ransomware Crisis in 2026: 5,064 Organizations Affected in 135 Countries

Palo Alto Networks Addresses 13 Vulnerabilities

Palo Alto Networks shared warnings on Wednesday about over twelve security issues in its products. The new warnings include 13 security...
Read More
Palo Alto Networks Addresses 13 Vulnerabilities

Critical Dell BIOS & Zimbra Flaws Expose Enterprise Systems

A critical flaw with how Dell saves BIOS passwords lets anyone quickly recover these passwords from a flash dump without...
Read More
Critical Dell BIOS & Zimbra Flaws Expose Enterprise Systems

CoLoCity Launches New 1.0 MW Data Center Facility at Gulshan

CoLoCity is proud to launch a new Data Center in Gulshan-2. It is designed to meet the growing demand for...
Read More
CoLoCity Launches New 1.0 MW Data Center Facility at Gulshan

Daily Cyber security update for 10. 07. 2026

Cyberattacks are rising around the world, including ransomware, malware, data leaks, and hacked websites. These events show how complex and...
Read More
Daily Cyber security update for 10. 07. 2026

How Hacker Compromise AWS Cloud Environment Using AI in 72 Hours

A major AWS attack shows how attackers with AI can connect known cloud strategies to go from first access to...
Read More
How Hacker Compromise AWS Cloud Environment Using AI in 72 Hours

CVE-2026-20184 (CVSS score: 9.8): An improper check of certificates in the single sign-on (SSO) system with Control Hub in Webex Services may let a remote attacker who is not signed in pretend to be any user and get unauthorized access to genuine Cisco Webex services.

CVE-2026-20147 (CVSS score: 9.9): An issue with checking user input in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) could let a remote attacker with valid admin credentials run harmful code by sending specially made HTTP requests.

CVE-2026-20180 and CVE-2026-20186 (CVSS scores: 9.9): Multiple insufficient validation of user-supplied input vulnerabilities in ISE could allow an authenticated, remote attacker in possession of read only admin credentials to execute arbitrary commands on the underlying operating system of an affected device by sending crafted HTTP requests.

“A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root,” Cisco said in an advisory for CVE-2026-20147, CVE-2026-20180, and CVE-2026-20186.

“In single-node ISE deployments, successful exploitation of this vulnerability could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored.”

CVE-2026-20184 does not need any action from customers because it’s cloud-based. But, customers using SSO should upload a new IdP SAML certificate to Control Hub. The other problems have been fixed in these versions –

CVE-2026-20147
Cisco ISE or ISE-PIC Release earlier than 3.1 (Migrate to a fixed release)
Cisco ISE Release 3.1 (3.1 Patch 11)
Cisco ISE Release 3.2 (3.2 Patch 10)
Cisco ISE Release 3.3 (3.3 Patch 11)
Cisco ISE Release 3.4 (3.4 Patch 6)
Cisco ISE Release 3.5 (3.5 Patch 3)
CVE-2026-20180 and CVE-2026-20186
Cisco ISE Release earlier than 3.2 (Migrate to a fixed release)
Cisco ISE Release 3.2 (3.2 Patch 8)
Cisco ISE Release 3.3 (3.3 Patch 8)
Cisco ISE Release 3.4 (3.4 Patch 4)
Cisco ISE Release 3.5 (Not Vulnerable)

Cisco said it has not seen any of these issues being used to attack systems, but users should update to the latest version for better security.

Check Also

Dialogflow

Critical GCP Dialogflow Vulnerability Allows Malicious Code Injection

A critical flaw in Google Cloud Platform’s Dialogflow CX lets attackers add harmful code to …