CVE-2026-20098

Name of the Vulnerable Software and Affected Versions Cisco Meeting Management (affected versions not specified)

Description A flaw exists in the Certificate Management feature that could allow a remote attacker with valid credentials (video operator role or higher) to upload arbitrary files, execute arbitrary commands, and gain root privileges on a system. This is caused by improper input validation within the web-based management interface. An attacker can exploit this by sending a crafted HTTP request. Successful exploitation could lead to overwriting system files processed by the root account, enabling arbitrary command execution with root privileges.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.