CVE Tools

CVE-2026-20175

Cisco Finesse File Inclusion Vulnerability

Published: Jun 3, 2026Updated: Jun 4, 2026 Sources: CVE List NVDCWE-73

Description

A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to load arbitrary files from remote locations into an active user session on an affected device, possibly leading to browser-based attacks. This vulnerability is due to insufficient validation of user-supplied input for HTTP requests that are sent to an affected device. An attacker who has knowledge of the address of the affected device could exploit this vulnerability by persuading a user to click a crafted link that contains the affected device address. A successful exploit could allow the attacker to conduct browser-based attacks and execute arbitrary script code in the context of the affected interface or access sensitive information on the affected device.

No summary for this CVE yet.

CVSS Vector Breakdown

AV:NAC:LPR:NUI:RS:CC:LI:LA:N
Exploitability
AV:NAttack Vector
Network
AC:LAttack Complexity
Low
PR:NPrivileges Required
None
UI:RUser Interaction
Required
Scope
S:CScope
Changed
Impact
C:LConfidentiality
Low
I:LIntegrity
Low
A:NAvailability
None

Weaknesses

Affected Products

Cisco
commercial·USaka cisco systems, cisco systems inc.

Exploitability

0 exploit sources identified

Exploit details including PoC links, Metasploit modules, and scanner templates are available after registration.

View exploit details

References

Could not load news mentions.

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2026-20175 and every CVE in our database. Create a free account — no credit card required.

Create Free Account
Plain-language analysis
Impact assessment and exploitation scenario in plain English
Attack graph visualization
Interactive attack path and kill chain mapping
Exploit details & PoC links
ExploitDB, Metasploit, GitHub PoCs with direct links
Nuclei scanner templates
Ready-to-use vulnerability scanner templates
Full remediation guide
Patch instructions, workarounds, and compliance impact
Interactive AI chat
Ask questions about this vulnerability in natural language
Related vulnerabilities
Semantically similar CVEs and attack patterns
REST API & MCP access
Integrate vulnerability data into your workflows