Medium4.3Cisco Updated
Cisco Enterprise Chat and Email Lite Agent File Upload Vulnerability
cisco-sa-ece-lite-agent-BCgSN8eb Published May 6, 2026Updated by vendor May 6, 2026
CVE-2026-20172
Affected products & platforms
CiscoUnclassified
Summary
A vulnerability in the Lite Agent feature of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct browser-based attacks. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Agent.
Affected versions
- Scope: At the time of publication, this vulnerability affected Cisco ECE if the Lite Agent was enabled.
- 12 and earlier — Migrate to a fixed release
- Release 15 (first fixed: 15.0(1)ES202603)
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Fixed versions
- 15.0(1)ES202603
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Mitigation checklist
Recommended fix / mitigation
- Upgrade to the first fixed release for your train per the Fixed Releases table in this advisory.
- Release 12 and earlier: migrate to a fixed release.
- Release 15: upgrade to 15.0(1)ES202603.
Temporary workarounds
- There are no workarounds that address this vulnerability.
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.