Security Update: Root Security Vulnerability Threatens Cisco Meeting Management
Attackers can target various Cisco products such as Meeting Management and Prime Infrastructure.
Cisco Evolved Programmable Network Manager, Meeting Management, Prime Infrastructure, Secure Web Appliance, and TelePresence Collaboration Endpoint are vulnerable. Successful attacks can get malicious code onto systems or cause crashes. Cisco currently gives no indication that attackers are already exploiting the vulnerabilities.
Multiple Security Vulnerabilities
A vulnerability (CVE-2026-20098, “high”) in Cisco Meeting Management is considered the most dangerous. However, attackers must already be authenticated to carry out an attack. Once they have cleared this hurdle, insufficient checks allow them to overwrite system files via crafted HTTP requests. A successful attack makes the attackers root users, and from that position they can completely compromise systems.
A DoS vulnerability (CVE-2026-20119) in TelePresence Collaboration Endpoint Software and RoomOS Software is classified with a threat level of “high”. Here, a manipulated meeting invitation can trigger crashes. According to the description of the vulnerability, the victim does not need to cooperate, so the invitation does not have to be accepted.
If attackers successfully exploit the remaining vulnerabilities, XSS attacks (Prime Infrastructure, CVE-2026-20111, “medium”) and redirects to a malicious website are possible (Evolved Programmable Network Manager and Cisco Prime Infrastructure, CVE-2026-20123, “medium”). Additionally, bypassing the malware scanner in the context of Secure Web Appliance is conceivable (CVE-2026-20056, “medium”).
Admins can find further information on the vulnerabilities and security updates in the linked advisories. List sorted by threat level in descending order:
- Cisco Meeting Management Arbitrary File Upload
- Cisco TelePresence Collaboration Endpoint Software and RoomOS Software Denial of Service
- Prime Infrastructure Stored Cross-Site Scripting
- Evolved Programmable Network Manager and Cisco Prime Infrastructure Open Redirect
- Secure Web Appliance Real-Time Scanning Archive File Bypass
(des)