[Vulnerability Alert] Critical Security Vulnerability Found in Cisco Meeting Management (CVE-2026-20098)

• Subject Explanation: [Vulnerability Alert] Critical Security Vulnerability Found in Cisco Meeting Management (CVE-2026-20098)

• Content Description:
  • Forwarding Taiwan Computer Emergency Response Team / Coordination Center (TWCERT/CC) Security Alert TWCERTCC-200-202602-00000003
  • Cisco Meeting Management provides an administrator web interface for monitoring and managing video conferences, including functions such as adding/removing participants, muting, changing screen layouts, and starting recordings.
  • Cisco recently released a critical security advisory (CVE-2026-20098, CVSS: 8.8). This is an arbitrary file upload vulnerability that may allow an authenticated remote attacker to upload arbitrary files, execute arbitrary commands, and elevate privileges on the affected system to root.
  • Note: To exploit this vulnerability, the attacker must possess at least valid user credentials for a Video Operator.
• Impacted Platforms:
  • Cisco Meeting Management 3.12 and earlier versions
• Suggested Measures:
  • Please update to the following versions:
  • Cisco Meeting Management 3.12.1 MR and later versions
• References:
  1. https://www.twcert.org.tw/tw/cp-169-10695-3f9b6-1.html

Computer and Communication Center
Network Systems Division