- 23/2026
- High
Cisco has released security updates to address several vulnerabilities affecting multiple Cisco products.
The addressed vulnerabilities could allow the attacker to perform denial of service attacks, redirect users to malicious websites, conduct cross-site scripting attacks, upload arbitrary files, execute arbitrary commands, gain elevated privileges, and gain access to the affected products.
Sample of addressed vulnerabilities:
1. Cisco Meeting Management Arbitrary File Upload Vulnerability (CVE-2026- 20098):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Access
2. Cisco TelePresence CE and RoomOS Denial-of-Service Vulnerability (CVE-2026-20119):
- CVSS: 7.5
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Denial of Service
The affected products:
- Cisco TelePresence Collaboration Endpoint (CE) Software.
- Cisco RoomOS Software.
- Cisco Evolved Programmable Network Manager (EPNM).
- Cisco Prime Infrastructure.
- Cisco Meeting Management.
- Cisco Secure Web Appliance (virtual and hardware).
Vulnerabilities
- CVE-2026-20056
- CVE-2026-20098
- CVE-2026-20111
- CVE-2026-20119
- CVE-2026-20123
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.