CVE-2026-20175

Summary

A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to load arbitrary files from remote locations into an active user session on an affected device, possibly leading to browser-based attacks.

This vulnerability is due to insufficient validation of user-supplied input for HTTP requests that are sent to an affected device. An attacker who has knowledge of the address of the affected device could exploit this vulnerability by persuading a user to click a crafted link that contains the affected device address. A successful exploit could allow the attacker to conduct browser-based attacks and execute arbitrary script code in the context of the affected interface or access sensitive information on the affected device.

Affected Software

VendorProductVersion RangeStatus
CiscoCisco Finesse11.0(1)ES_Rollbackaffected
CiscoCisco Finesse10.5(1)ES4affected
CiscoCisco Finesse11.6(1)ES3affected
CiscoCisco Finesse11.0(1)ES2affected
CiscoCisco Finesse12.0(1)ES2affected
CiscoCisco Finesse10.5(1)ES3affected
CiscoCisco Finesse11.0(1)affected
CiscoCisco Finesse11.6(1)FIPSaffected
CiscoCisco Finesse11.6(1)ES4affected
CiscoCisco Finesse11.0(1)ES3affected
CiscoCisco Finesse10.5(1)ES6affected
CiscoCisco Finesse11.0(1)ES7affected
CiscoCisco Finesse11.5(1)ES4affected
CiscoCisco Finesse10.5(1)ES8affected
CiscoCisco Finesse11.5(1)affected
CiscoCisco Finesse11.6(1)affected
CiscoCisco Finesse10.5(1)ES10affected
CiscoCisco Finesse11.6(1)ES2affected
CiscoCisco Finesse11.6(1)ESaffected
CiscoCisco Finesse11.0(1)ES6affected
CiscoCisco Finesse11.0(1)ES4affected
CiscoCisco Finesse12.0(1)affected
CiscoCisco Finesse11.6(1)ES7affected
CiscoCisco Finesse10.5(1)ES7affected
CiscoCisco Finesse11.6(1)ES8affected
CiscoCisco Finesse11.5(1)ES1affected
CiscoCisco Finesse11.6(1)ES1affected
CiscoCisco Finesse11.5(1)ES5affected
CiscoCisco Finesse11.0(1)ES1affected
CiscoCisco Finesse10.5(1)affected
CiscoCisco Finesse11.6(1)ES6affected
CiscoCisco Finesse10.5(1)ES2affected
CiscoCisco Finesse12.0(1)ES1affected
CiscoCisco Finesse11.0(1)ES5affected
CiscoCisco Finesse10.5(1)ES5affected
CiscoCisco Finesse11.5(1)ES3affected
CiscoCisco Finesse11.5(1)ES2affected
CiscoCisco Finesse10.5(1)ES9affected
CiscoCisco Finesse11.6(1)ES5affected
CiscoCisco Finesse11.6(1)ES9affected
CiscoCisco Finesse11.5(1)ES6affected
CiscoCisco Finesse10.5(1)ES1affected
CiscoCisco Finesse12.5(1)affected
CiscoCisco Finesse12.0(1)ES3affected
CiscoCisco Finesse11.6(1)ES10affected
CiscoCisco Finesse12.5(1)ES1affected
CiscoCisco Finesse12.5(1)ES2affected
CiscoCisco Finesse12.0(1)ES4affected
CiscoCisco Finesse12.5(1)ES3affected
CiscoCisco Finesse12.0(1)ES5affected
CiscoCisco Finesse12.5(1)ES4affected
CiscoCisco Finesse12.0(1)ES6affected
CiscoCisco Finesse12.5(1)ES5affected
CiscoCisco Finesse12.5(1)ES6affected
CiscoCisco Finesse12.0(1)ES7affected
CiscoCisco Finesse12.6(1)affected
CiscoCisco Finesse12.5(1)ES7affected
CiscoCisco Finesse11.6(1)ES11affected
CiscoCisco Finesse12.6(1)ES1affected
CiscoCisco Finesse12.0(1)ES8affected
CiscoCisco Finesse12.5(1)ES8affected
CiscoCisco Finesse12.6(1)ES2affected
CiscoCisco Finesse12.6(1)ES3affected
CiscoCisco Finesse12.6(1)ES4affected
CiscoCisco Finesse12.6(1)ES5affected
CiscoCisco Finesse12.5(2)affected
CiscoCisco Finesse12.5(1)_SUaffected
CiscoCisco Finesse12.5(1)SUaffected
CiscoCisco Finesse12.6(1)ES6affected
CiscoCisco Finesse12.5(1)SU ES1affected
CiscoCisco Finesse12.6(1)ES7affected
CiscoCisco Finesse12.6(1)ES7_ETaffected
CiscoCisco Finesse12.6(2)affected
CiscoCisco Finesse12.6(1)ES8affected
CiscoCisco Finesse12.6(1)ES9affected
CiscoCisco Finesse12.6(2)ES1affected
CiscoCisco Finesse12.6(1)ES10affected
CiscoCisco Finesse12.5(1)SU ES2affected
CiscoCisco Finesse12.6(1)ES11affected
CiscoCisco Finesse12.6(2)ES2affected
CiscoCisco Finesse12.6(2)ES3affected
CiscoCisco Finesse12.5(1)SU ES3affected
CiscoCisco Finesse12.6(2)ES4affected
CiscoCisco Finesse12.6(2)ES5affected
CiscoCisco Finesse15.0(1)affected
CiscoCisco Finesse12.6(2)ES6affected
CiscoCisco Finesse15.0(1)ES202508affected
CiscoCisco Finesse15.0(1)ES202511affected
CiscoCisco Finesse15.0(1)ES202602affected
CiscoCisco Finesse15.0(1)SU1affected
CiscoCisco Finesse12.6(2)ES7affected

Weaknesses

  • CWE-73: External Control of File Name or Path

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References