Webex SSO certificate vulnerability
Incident
Report for Evolve IP UK
Resolved
The customer should have received direct emails from Webex Cisco TAC advising of the vulnerability issue
Investigating
Cisco has identified a vulnerability in the single sign-on (SSO) certificate validation process for Cisco Webex Services by the Cisco Security and Trust team. As a result, the SSO trust anchors were removed on May 22, 2026.
If the customer was unable to upload the new certificate in time, users will be unable to sign in to Webex. In this case, you can use the SSO self-recovery option to temporarily disable SSO and regain access to your Webex organisation. To upload a new certificate, refer to the Identity provider (IdP) certificate section in the article below.
https://help.webex.com/en-us/article/nstvmyo/Manage-single-sign-on-integration-in-Control-Hub#Cisco_Generic_Topic.dita_cd9f682e-b1e8-4352-be03-8c148aeb9182
If the customer was unable to upload the new certificate in time, users will be unable to sign in to Webex. In this case, you can use the SSO self-recovery option to temporarily disable SSO and regain access to your Webex organisation. To upload a new certificate, refer to the Identity provider (IdP) certificate section in the article below.
https://help.webex.com/en-us/article/nstvmyo/Manage-single-sign-on-integration-in-Control-Hub#Cisco_Generic_Topic.dita_cd9f682e-b1e8-4352-be03-8c148aeb9182
This incident affected: Anywhere with Webex (Application, Control Hub).