CVE-2026-20175EXPLOITEDPATCHED

cis · finesse

Cisco Finesse File Inclusion Vulnerability

Description

A remote, anonymous attacker can exploit a vulnerability in Cisco Finesse to manipulate files and potentially execute arbitrary code.

Affected Products

Vendor	Product	Versions
cis	finesse	11.0(1)ES_Rollback, 10.5(1)ES4, 11.6(1)ES3, 11.0(1)ES2, 12.0(1)ES2, 10.5(1)ES3, 11.0(1), 11.6(1)FIPS, 11.6(1)ES4, 11.0(1)ES3, 10.5(1)ES6, 11.0(1)ES7, 11.5(1)ES4, 10.5(1)ES8, 11.5(1), 11.6(1), 10.5(1)ES10, 11.6(1)ES2, 11.6(1)ES, 11.0(1)ES6, 11.0(1)ES4, 12.0(1), 11.6(1)ES7, 10.5(1)ES7, 11.6(1)ES8, 11.5(1)ES1, 11.6(1)ES1, 11.5(1)ES5, 11.0(1)ES1, 10.5(1), 11.6(1)ES6, 10.5(1)ES2, 12.0(1)ES1, 11.0(1)ES5, 10.5(1)ES5, 11.5(1)ES3, 11.5(1)ES2, 10.5(1)ES9, 11.6(1)ES5, 11.6(1)ES9, 11.5(1)ES6, 10.5(1)ES1, 12.5(1), 12.0(1)ES3, 11.6(1)ES10, 12.5(1)ES1, 12.5(1)ES2, 12.0(1)ES4, 12.5(1)ES3, 12.0(1)ES5, 12.5(1)ES4, 12.0(1)ES6, 12.5(1)ES5, 12.5(1)ES6, 12.0(1)ES7, 12.6(1), 12.5(1)ES7, 11.6(1)ES11, 12.6(1)ES1, 12.0(1)ES8, 12.5(1)ES8, 12.6(1)ES2, 12.6(1)ES3, 12.6(1)ES4, 12.6(1)ES5, 12.5(2), 12.5(1)_SU, 12.5(1)SU, 12.6(1)ES6, 12.5(1)SU ES1, 12.6(1)ES7, 12.6(1)ES7_ET, 12.6(2), 12.6(1)ES8, 12.6(1)ES9, 12.6(2)ES1, 12.6(1)ES10, 12.5(1)SU ES2, 12.6(1)ES11, 12.6(2)ES2, 12.6(2)ES3, 12.5(1)SU ES3, 12.6(2)ES4, 12.6(2)ES5, 15.0(1), 12.6(2)ES6, 15.0(1)ES202508, 15.0(1)ES202511, 15.0(1)ES202602, 15.0(1)SU1, 12.6(2)ES7

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
cis	finesse	cert_advisory	90%

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-finesse-rfi-gwpkdc89

Related News (2 articles)

Tier B

BSI Advisories3d ago

[NEU] [mittel] Cisco Finesse: Schwachstelle ermöglicht Manipulation von Dateien und potenziell Codeausführung

→ No new info (linked only)

Tier C

VulDB5d ago

CVE-2026-20175 | Cisco Finesse up to 15.0(1)SU1 Link file inclusion (cisco-sa-finesse-rfi-gwpkdc89)

→ No new info (linked only)

CVSS 3.16.1 HIGH

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

15.0(1)SU1

CWECWE-73

PublishedJun 3, 2026

Last enriched3d agov3

Trending Score33

Source articles2

Independent2

Info Completeness10/14

Missing: epss, kev, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-20182EXPKEV

Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability

Trending: 110

HIGHCVE-2026-20245EXP

Cisco Catalyst SD-WAN Controller Authenticated Privilege Escalation Vulnerability

Trending: 90

CRITICALCVE-2026-20230EXP

CVE-2026-20230: A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Ma

Trending: 58

HIGHCVE-2026-20233EXP

Cisco Webex Meetings Cross-Site Scripting Vulnerability

Trending: 35

CRITICALCVE-2026-20223EXP

Cisco Secure Workload Unauthorized API Access Vulnerability

Trending: 8

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Jun 3, 2026

Discovered by ZDM

Jun 3, 2026

Actively Exploited

Jun 3, 2026

Exploit Available

Jun 3, 2026

Patch Available

Jun 3, 2026

Updated: severity, patchAvailable

Jun 3, 2026

Updated: description, severity, exploitAvailable, activelyExploited

Jun 5, 2026

Version History

Last enriched 3d ago

v3Tier B3d ago

Updated description with new details and changed severity from CRITICAL to HIGH, indicating that the vulnerability is actively exploited and an exploit is available.

descriptionseverityexploitAvailableactivelyExploited

via BSI Advisories

v2Tier C5d ago

Updated severity to CRITICAL and added patch available version 15.0(1)SU1.

severitypatchAvailable

via VulDB

v15d ago

Initial creation

Affected Products

Vendor

Product

Versions

cis

finesse

11.0(1)ES_Rollback, 10.5(1)ES4, 11.6(1)ES3, 11.0(1)ES2, 12.0(1)ES2, 10.5(1)ES3, 11.0(1), 11.6(1)FIPS, 11.6(1)ES4, 11.0(1)ES3, 10.5(1)ES6, 11.0(1)ES7, 11.5(1)ES4, 10.5(1)ES8, 11.5(1), 11.6(1), 10.5(1)ES10, 11.6(1)ES2, 11.6(1)ES, 11.0(1)ES6, 11.0(1)ES4, 12.0(1), 11.6(1)ES7, 10.5(1)ES7, 11.6(1)ES8, 11.5(1)ES1, 11.6(1)ES1, 11.5(1)ES5, 11.0(1)ES1, 10.5(1), 11.6(1)ES6, 10.5(1)ES2, 12.0(1)ES1, 11.0(1)ES5, 10.5(1)ES5, 11.5(1)ES3, 11.5(1)ES2, 10.5(1)ES9, 11.6(1)ES5, 11.6(1)ES9, 11.5(1)ES6, 10.5(1)ES1, 12.5(1), 12.0(1)ES3, 11.6(1)ES10, 12.5(1)ES1, 12.5(1)ES2, 12.0(1)ES4, 12.5(1)ES3, 12.0(1)ES5, 12.5(1)ES4, 12.0(1)ES6, 12.5(1)ES5, 12.5(1)ES6, 12.0(1)ES7, 12.6(1), 12.5(1)ES7, 11.6(1)ES11, 12.6(1)ES1, 12.0(1)ES8, 12.5(1)ES8, 12.6(1)ES2, 12.6(1)ES3, 12.6(1)ES4, 12.6(1)ES5, 12.5(2), 12.5(1)_SU, 12.5(1)SU, 12.6(1)ES6, 12.5(1)SU ES1, 12.6(1)ES7, 12.6(1)ES7_ET, 12.6(2), 12.6(1)ES8, 12.6(1)ES9, 12.6(2)ES1, 12.6(1)ES10, 12.5(1)SU ES2, 12.6(1)ES11, 12.6(2)ES2, 12.6(2)ES3, 12.5(1)SU ES3, 12.6(2)ES4, 12.6(2)ES5, 15.0(1), 12.6(2)ES6, 15.0(1)ES202508, 15.0(1)ES202511, 15.0(1)ES202602, 15.0(1)SU1, 12.6(2)ES7

Vendor

Product

Source

Confidence

cis

finesse

cert_advisory

90%