Cisco tells Webex users to patch critical security flaws immediately, as experts find its Wi-Fi boxes may be filling their disks with undeletable data every day

Date:
Fri, 17 Apr 2026 14:20:00 +0000

Description:
Four critical flaws were recently patched, and some AP versions are creating undeletable, growing files.

FULL STORY ======================================================================Copy link Facebook X Whatsapp Reddit Pinterest Flipboard Threads Email Share this article 0 Join the conversation Follow us Add us as a preferred source on Google Newsletter Tech Radar Pro Are you a pro? Subscribe to our newsletter Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Become a Member in Seconds Unlock instant access to exclusive member features. Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over. You are
now subscribed Your newsletter sign-up was successful Join the club Get full access to premium articles, exclusive features and a growing list of member rewards. Explore An account already exists for this email address, please log in. Subscribe to our newsletter Cisco patches four critical flaws in Webex Services, including SSO and Identity Services Engine RCE bugs No exploitation reported before fixes; users must update SAML certificates in Control Hub Separate IOS XE bug causes WiFi access points to bloat logs and fail updates, affecting 230+ models Cisco has pushed a new patch to address four critical-severity vulnerabilities plaguing its cloud-based Webex Services platform - and has also warned Wi-Fi access points users of a bug in certain versions of IOS XE that could result in a device bootloop.

Webex Services is a platform for communication and collaboration, letting people hold video meetings, send messages, make calls, and share files, all from one place. It was found vulnerable to four flaws: CVE-2026-20184 (9.8/10 - a vulnerability in the integration of single sign-on (SSO)), CVE-2026-20147 (9.9/10 - a remote code execution bug in Cisco ISE and Cisco ISE-PIC), CVE-2026-20180, and CVE-2026-20186 (9.9/10 arbitrary code execution flaws in Cisco Identity Services Engine). Article continues below You may like Cisco warns of critical SD-WAN security flaw which has been open since 2023 SolarWinds Serv-U has some critical security flaws, so users should update
now or face attack HPE warns of dangerous security flaw which could allow Aruba OS password resets Patch now Apparently, no threat actors found these flaws before they were patched: "Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by connecting to a
service endpoint and supplying a crafted token," Cisco said in its security advisory.

"A successful exploit could have allowed the attacker to gain unauthorized access to legitimate Cisco Webex services."

While Cisco patched the flaws , it also stressed that those using SSO integration should upload a new SAML certificate for their identity provider (IdP) to Control Hub. Bloating access points At the same time, the company warned its access points users of a bug that could render their devices useless. In a separate advisory, Cisco said how certain Cisco Access Points (APs) may fail to download new software images or Access Point Service Packs, because an updated library in Cisco IOS XE generates a log file that grows by 5MB every day. Are you a pro? Subscribe to our newsletter Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners
or sponsors By submitting your information you agree to the Terms &
Conditions and Privacy Policy and are aged 16 or over.

The file, which cannot be deleted from the command line interface, will keep growing until there is no more room on the disk, essentially preventing any further updates to be installed on the device.

Versions 17.12.4, 17.12.5, 17.12.6, and 17.12.6a are affected, it was said.
In total, more than 230 different models are at risk, Cisco said.

The longer an AP runs the affected software, the higher the probability that
a software download will fail due to insufficient disk space, the advisory reads.. What to read next Trend Micro warns of worrying security flaw
allowing full Windows takeover, so patch now Veeam says critical security flaws may be exposing backup servers to RCE attacks Zyxel warns over a dozen routers could be affected by critical RCE security flaw

Users should, therefore, move to a version that doesnt bloat the device, but its not as straightforward of a process. Cisco published a detailed guide, so if youre using the companys APs, make sure to read it here .

Via The Register The best antivirus for all budgets Our top picks, based on real-world testing and comparisons

Read our full guide to the best antivirus 1. Best overall: Bitdefender Total Security 2. Best for families: Norton 360 with LifeLock 3. Best for mobile: McAfee Mobile Security Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.



======================================================================
Link to news story: https://www.techradar.com/pro/security/cisco-tells-webex-users-to-patch-critic al-security-flaws-immediately-as-experts-find-its-wi-fi-boxes-may-be-filling-t heir-disks-with-undeletable-data-every-day


--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)