What is CVE-2026-20175?

CVE-2026-20175 is a medium-severity vulnerability in Cisco Finesse, classified under External Control of File Name or Path. CVSS score: 6.1/10. Published 2026-06-03.

How severe is CVE-2026-20175?

Medium severity. CVSS v3 base score is 6.1 out of 10.

Vulnerability in Cisco Finesse

CVE-2026-20175

A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to load arbitrary files from remote locations into an active user session on an affected device, possibly leading to browser-based attacks. This vulnerabil…

EPSS: 0.000 (6.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.1 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N.

Affected products

Cisco Finesse — versions 11.0(1)ES_Rollback, 10.5(1)ES4, 11.6(1)ES3

Weakness classification (CWE)

CWE-73 — External Control of File Name or Path

References

psirt@cisco.com

Frequently asked questions

What is CVE-2026-20175?: CVE-2026-20175 is a medium-severity vulnerability in Cisco Finesse, classified under External Control of File Name or Path. CVSS score: 6.1/10. Published 2026-06-03.
How severe is CVE-2026-20175?: Medium severity. CVSS v3 base score is 6.1 out of 10.