CVE-2026-20172 | THREATINT

Description

A vulnerability in the Lite Agent feature of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct browser-based attacks. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Agent. This vulnerability is due to inadequate validation of file contents during file upload operations. An attacker could exploit this vulnerability by uploading a file that contains malicious scripts or HTML code, which the application could make available to other users to access. A successful exploit could allow the attacker to execute the contents of that file in the browser of a user and conduct browser-based attacks. 

PUBLISHED Reserved 2025-10-08 | Published 2026-05-06 | Updated 2026-05-06 | Assigner cisco

MEDIUM: 4.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Problem types

Reliance on File Name or Extension of Externally-Supplied File

Product status

Default status

unknown

11.6(1)_ES3

affected

11.6(1)_ES4

affected

12.0(1)_ES6

affected

11.6(1)_ES8

affected

12.0(1)_ES5a

affected

11.6(1)_ES9

affected

12.0(1)_ES6_ET1

affected

11.6(1)_ES6

affected

11.6(1)_ES5

affected

12.5(1)_ET1

affected

12.5(1)

affected

12.5(1)_ES3_ET1

affected

12.0(1)_ES3

affected

11.6(1)_ES11

affected

12.0(1)_ES4

affected

12.0(1)_ES5

affected

11.6(1)_ES2

affected

11.6(1)_ES9a

affected

11.6(1)_ES10

affected

12.0(1)_ES1

affected

12.0(1)

affected

12.5(1)_ES3

affected

12.6(1)

affected

11.5(1)

affected

12.0(1)_ES2

affected

11.6(1)_ES7

affected

12.5(1)_ES2

affected

12.6(1)_ET1

affected

11.6(1)

affected

12.5(1)_ES1

affected

12.6(1)_ET2

affected

12.5(1)_ES3_ET2

affected

12.0(1)_ES6_ET2

affected

12.6(1)_ES1

affected

12.5(1)_ES4

affected

11.6(1)_ES12

affected

12.6(1)_ET3

affected

12.5(1)_ES4_ET1

affected

12.0(1)_ES6_ET3

affected

12.6(1)_ES1_ET1

affected

12.6(1)_ES2

affected

12.6_ES2_ET1

affected

12.5(1)_ES5

affected

12.6_ES2_ET2

affected

12.0(1)_ES7

affected

12.6_ES2_ET3

affected

12.0(1)_ES7_ET1

affected

12.5(1)_ES5_ET1

affected

12.6_ES2_ET4

affected

12.6(1)_ES3

affected

11.6(1)_ES12_ET1

affected

12.6_ES3_ET1

affected

12.5(1)_ES6

affected

12.6_ES3_ET2

affected

12.6(1)_ES4

affected

12.5(1)_ES7

affected

12.6(1)_ES4_ET1

affected

12.6(1)_ES5

affected

12.6(1)_ES5_ET1

affected

12.6(1)_ES5_ET2

affected

12.6(1)_ES6

affected

12.6(1)_ES6_ET1

affected

12.5(1)_ES8

affected

12.6(1)_ES6_ET2

affected

12.6(1)_ES7

affected

12.6(1)_ES8

affected

12.6(1)_ES4_ET2

affected

12.6(1)_ES3_ET3

affected

12.6(1)_ES2_ET5

affected

12.6(1)_ES1_ET2

affected

12.6(1)_ES8_ET1

affected

12.6(1)_ES7_ET1

affected

12.6(1)_ES6_ET3

affected

12.6(1)_ES5_ET3

affected

12.5(1)_ES8_ET1

affected

12.5(1)_ES3_ET3

affected

12.5(1)_ES5_ET2

affected

12.5(1)_ES6_ET1

affected

12.5(1)_ES4_ET2

affected

12.5(1)_ES7_ET1

affected

12.6(1)_ES8_ET2

affected

12.6(1)_ES9

affected

12.6(1)_ES9_ET1

affected

12.5(1)_ES9

affected

12.6(1)_ES9_ET2

affected

12.6(1)_ES9_ET3

affected

12.6(1)_ES10

affected

12.6(1)_ES10_ET1

affected

15.0(1)

affected

12.6(1)_ES11

affected

15.0(1)_ET1

affected

15.0(1)ES202508

affected

12.6(1)_ES11_ET1

affected

12.6(1)_ES11_ET2

affected

12.6(1)_ES12

affected

15.0(1)ES202511

affected

12.6(1)_ES12_ET1

affected

15.0(1)ES202511_ET1

affected

12.5(1)_ES10

affected

References

sec.cloudapps.cisco.com/.../cisco-sa-ece-lite-agent-BCgSN8eb (cisco-sa-ece-lite-agent-BCgSN8eb)

cve.org (CVE-2026-20172)

nvd.nist.gov (CVE-2026-20172)

Download JSON