๐Ÿ” CVE Alert

CVE-2026-20172

MEDIUM 4.3

Cisco Enterprise Chat and Email Lite Agent File Upload Vulnerability

CVSS Score
4.3
EPSS Score
0.0%
EPSS Percentile
0th

A vulnerability in the Lite Agent feature of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct browser-based attacks. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Agent. This vulnerability is due to inadequate validation of file contents during file upload operations. An attacker could exploit this vulnerability by uploading a file that contains malicious scripts or HTML code, which the application could make available to other users to access. A successful exploit could allow the attacker to execute the contents of that file in the browser of a user and conduct browser-based attacks. 

CWE CWE-646
Vendor cisco
Product cisco enterprise chat and email
Ecosystems
Industries
NetworkingTelecommunications
Published May 6, 2026
Stay Ahead of the Next One

Get instant alerts for cisco cisco enterprise chat and email

Be the first to know when new medium vulnerabilities affecting cisco cisco enterprise chat and email are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Affected Versions

Cisco / Cisco Enterprise Chat and Email
11.6(1)_ES3 11.6(1)_ES4 12.0(1)_ES6 11.6(1)_ES8 12.0(1)_ES5a 11.6(1)_ES9 12.0(1)_ES6_ET1 11.6(1)_ES6 11.6(1)_ES5 12.5(1)_ET1 12.5(1) 12.5(1)_ES3_ET1 12.0(1)_ES3 11.6(1)_ES11 12.0(1)_ES4 12.0(1)_ES5 11.6(1)_ES2 11.6(1)_ES9a 11.6(1)_ES10 12.0(1)_ES1 12.0(1) 12.5(1)_ES3 12.6(1) 11.5(1) 12.0(1)_ES2 11.6(1)_ES7 12.5(1)_ES2 12.6(1)_ET1 11.6(1) 12.5(1)_ES1 12.6(1)_ET2 12.5(1)_ES3_ET2 12.0(1)_ES6_ET2 12.6(1)_ES1 12.5(1)_ES4 11.6(1)_ES12 12.6(1)_ET3 12.5(1)_ES4_ET1 12.0(1)_ES6_ET3 12.6(1)_ES1_ET1 12.6(1)_ES2 12.6_ES2_ET1 12.5(1)_ES5 12.6_ES2_ET2 12.0(1)_ES7 12.6_ES2_ET3 12.0(1)_ES7_ET1 12.5(1)_ES5_ET1 12.6_ES2_ET4 12.6(1)_ES3 11.6(1)_ES12_ET1 12.6_ES3_ET1 12.5(1)_ES6 12.6_ES3_ET2 12.6(1)_ES4 12.5(1)_ES7 12.6(1)_ES4_ET1 12.6(1)_ES5 12.6(1)_ES5_ET1 12.6(1)_ES5_ET2 12.6(1)_ES6 12.6(1)_ES6_ET1 12.5(1)_ES8 12.6(1)_ES6_ET2 12.6(1)_ES7 12.6(1)_ES8 12.6(1)_ES4_ET2 12.6(1)_ES3_ET3 12.6(1)_ES2_ET5 12.6(1)_ES1_ET2 12.6(1)_ES8_ET1 12.6(1)_ES7_ET1 12.6(1)_ES6_ET3 12.6(1)_ES5_ET3 12.5(1)_ES8_ET1 12.5(1)_ES3_ET3 12.5(1)_ES5_ET2 12.5(1)_ES6_ET1 12.5(1)_ES4_ET2 12.5(1)_ES7_ET1 12.6(1)_ES8_ET2 12.6(1)_ES9 12.6(1)_ES9_ET1 12.5(1)_ES9 12.6(1)_ES9_ET2 12.6(1)_ES9_ET3 12.6(1)_ES10 12.6(1)_ES10_ET1 15.0(1) 12.6(1)_ES11 15.0(1)_ET1 15.0(1)ES202508 12.6(1)_ES11_ET1 12.6(1)_ES11_ET2 12.6(1)_ES12 15.0(1)ES202511 12.6(1)_ES12_ET1 15.0(1)ES202511_ET1 12.5(1)_ES10

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
sec.cloudapps.cisco.com: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-lite-agent-BCgSN8eb