CVE-2026-20172— Cisco Enterprise Chat and Email Lite Agent File Upload Vulnerability
Possible ATT&CK Techniques 3AI
T1059 · Command and Scripting Interpreter T1190 · Exploit Public-Facing Application T1189 · Drive-by CompromiseAffected Version Matrix 99
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Cisco | Cisco Enterprise Chat and Email | 11.6(1)_ES3 | affected |
11.6(1)_ES4 | affected | ||
12.0(1)_ES6 | affected | ||
11.6(1)_ES8 | affected | ||
12.0(1)_ES5a | affected | ||
11.6(1)_ES9 | affected | ||
12.0(1)_ES6_ET1 | affected | ||
11.6(1)_ES6 | affected | ||
| … +91 more rows | |||
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-20172
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco Enterprise Chat and Email Lite Agent File Upload Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability in the Lite Agent feature of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct browser-based attacks. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Agent. This vulnerability is due to inadequate validation of file contents during file upload operations. An attacker could exploit this vulnerability by uploading a file that contains malicious scripts or HTML code, which the application could make available to other users to access. A successful exploit could allow the attacker to execute the contents of that file in the browser of a user and conduct browser-based attacks.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
依赖于外部提供文件的文件名或扩展名
Source: NVD (National Vulnerability Database)
Vulnerability Title
Cisco Enterprise Chat and Email 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Cisco Enterprise Chat and Email(Cisco ECE)是美国思科(Cisco)公司的一套企业聊天和电子邮件解决方案。该产品主要为其它Cisco解决方案提供电子邮件、聊天和Web回调功能等。 Cisco Enterprise Chat and Email存在安全漏洞,该漏洞源于文件上传操作期间文件内容验证不足,可能导致经过身份验证的远程攻击者上传包含恶意脚本或HTML代码的文件,从而在用户浏览器中执行内容并发起基于浏览器的攻击。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Cisco | Cisco Enterprise Chat and Email | 11.6(1)_ES3 | - |
II. Public POCs for CVE-2026-20172
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-20172
请登录查看更多情报信息。
Advisory · 1
Same Patch Batch · Cisco · 2026-05-06 · 12 CVEs total
| CVE-2026-20034 | 8.8 HIGH | Cisco Unity Connection Remote Code Execution Vulnerability |
| CVE-2026-20185 | 7.7 HIGH | Cisco SG350 and SG350X Series Managed Switches SNMP Denial of Service Vunerability |
| CVE-2026-20167 | 7.7 HIGH | Cisco IoT Field Network Director Remote Device Denial of Service Vulnerability |
| CVE-2026-20035 | 7.2 HIGH | Cisco Unity Connection Server-Side Request Forgery Vulnerability |
| CVE-2026-20168 | 6.5 MEDIUM | Cisco IoT Field Network Director Path Traversal Vulnerability |
| CVE-2026-20169 | 6.4 MEDIUM | Cisco IoT Field Network Director Command Injection Vulnerability |
| CVE-2026-20219 | 5.4 MEDIUM | Cisco Slido 安全漏洞 |
| CVE-2026-20195 | 5.3 MEDIUM | Cisco Identity Services Engine Observable Response Discrepancy Vulnerability |
| CVE-2026-20193 | 4.3 MEDIUM | Cisco Identity Services Engine Authentication Bypass Vulnerability |
| CVE-2026-20189 | 4.3 MEDIUM | Cisco Prime Infrastructure Information Disclosure Vulnerability |
| CVE-2026-20188 | Cisco Crosswork Network Controller and Cisco Network Services Orchestrator Advisory |
IV. Related Vulnerabilities
Same product: Cisco Enterprise Chat and Email
- CVE-2025-20310
Cisco Enterprise Chat and Email Stored Cross-Site Scripting - CVE-2025-20139
Cisco Enterprise Chat and Email 安全漏洞 - CVE-2022-20633
Cisco Enterprise Chat and Email Username Enumeration Vulnera - CVE-2022-20632
Cisco Enterprise Chat and Email Cross-Site Scripting Vulnera - CVE-2022-20631
Cisco Enterprise Chat and Email Cross-Site Scripting Vulnera
Same vendor: Cisco
- CVE-2026-20199
Cisco ThousandEyes Virtual Appliance 证书验证漏洞致远程代码执行 - CVE-2026-20171
Cisco Nexus 3000 and 9000 Series Border Gateway Protocol Den - CVE-2026-20206
Cisco ThousandEyes BrowserBot Command Injection Vulnerabilit - CVE-2026-20223
Cisco Secure Workload Unauthorized API Access Vulnerability - CVE-2026-20224
Cisco Catalyst SD-WAN Manager XML External Entity Injection
Same weakness: CWE-646
- CVE-2025-30662
Zoom Workplace VDI Plugin macOS Universal Installer - Symlin - CVE-2025-41720
Sauter: Arbitrary File Upload - CVE-2025-58449
Maho Vulnerable to Authenticated Remote Code Execution via F - CVE-2025-1889
picklescan - Security scanning bypass via non-standard file - CVE-2024-52052
Stream Target Remote Code Execution in Wowza Streaming Engin
V. Comments for CVE-2026-20172
No comments yet