๐Ÿ” CVE Alert

CVE-2026-20175

MEDIUM 6.1

Cisco Finesse File Inclusion Vulnerability

CVSS Score
6.1
EPSS Score
0.0%
EPSS Percentile
0th

A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to load arbitrary files from remote locations into an active user session on an affected device, possibly leading to browser-based attacks. This vulnerability is due to insufficient validation of user-supplied input for HTTP requests that are sent to an affected device. An attacker who has knowledge of the address of the affected device could exploit this vulnerability by persuading a user to click a crafted link that contains the affected device address. A successful exploit could allow the attacker to conduct browser-based attacks and execute arbitrary script code in the context of the affected interface or access sensitive information on the affected device.

CWE CWE-73
Vendor cisco
Product cisco finesse
Ecosystems
Industries
NetworkingTelecommunications
Published Jun 3, 2026
Last Updated Jun 3, 2026
Stay Ahead of the Next One

Get instant alerts for cisco cisco finesse

Be the first to know when new medium vulnerabilities affecting cisco cisco finesse are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Affected Versions

Cisco / Cisco Finesse
11.0(1)ES_Rollback 10.5(1)ES4 11.6(1)ES3 11.0(1)ES2 12.0(1)ES2 10.5(1)ES3 11.0(1) 11.6(1)FIPS 11.6(1)ES4 11.0(1)ES3 10.5(1)ES6 11.0(1)ES7 11.5(1)ES4 10.5(1)ES8 11.5(1) 11.6(1) 10.5(1)ES10 11.6(1)ES2 11.6(1)ES 11.0(1)ES6 11.0(1)ES4 12.0(1) 11.6(1)ES7 10.5(1)ES7 11.6(1)ES8 11.5(1)ES1 11.6(1)ES1 11.5(1)ES5 11.0(1)ES1 10.5(1) 11.6(1)ES6 10.5(1)ES2 12.0(1)ES1 11.0(1)ES5 10.5(1)ES5 11.5(1)ES3 11.5(1)ES2 10.5(1)ES9 11.6(1)ES5 11.6(1)ES9 11.5(1)ES6 10.5(1)ES1 12.5(1) 12.0(1)ES3 11.6(1)ES10 12.5(1)ES1 12.5(1)ES2 12.0(1)ES4 12.5(1)ES3 12.0(1)ES5 12.5(1)ES4 12.0(1)ES6 12.5(1)ES5 12.5(1)ES6 12.0(1)ES7 12.6(1) 12.5(1)ES7 11.6(1)ES11 12.6(1)ES1 12.0(1)ES8 12.5(1)ES8 12.6(1)ES2 12.6(1)ES3 12.6(1)ES4 12.6(1)ES5 12.5(2) 12.5(1)_SU 12.5(1)SU 12.6(1)ES6 12.5(1)SU ES1 12.6(1)ES7 12.6(1)ES7_ET 12.6(2) 12.6(1)ES8 12.6(1)ES9 12.6(2)ES1 12.6(1)ES10 12.5(1)SU ES2 12.6(1)ES11 12.6(2)ES2 12.6(2)ES3 12.5(1)SU ES3 12.6(2)ES4 12.6(2)ES5 15.0(1) 12.6(2)ES6 15.0(1)ES202508 15.0(1)ES202511 15.0(1)ES202602 15.0(1)SU1 12.6(2)ES7

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
sec.cloudapps.cisco.com: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-finesse-rfi-gwpkdc89