Date Posted: 2026/02/10
[Vulnerability Alert] Critical Security Vulnerability Found in Cisco Meeting Management (CVE-2026-20098)
- Subject Explanation: [Vulnerability Alert] Critical Security Vulnerability Found in Cisco Meeting Management (CVE-2026-20098)
- Content Description:
- Forwarding Taiwan Computer Emergency Response Team / Coordination Center (TWCERT/CC) Security Alert TWCERTCC-200-202602-00000003
- Cisco Meeting Management provides an administrator web interface for monitoring and managing video conferences, including functions such as adding/removing participants, muting, changing screen layouts, and starting recordings.
- Cisco recently released a critical security advisory (CVE-2026-20098, CVSS: 8.8). This is an arbitrary file upload vulnerability that may allow an authenticated remote attacker to upload arbitrary files, execute arbitrary commands, and elevate privileges on the affected system to root.
- Note: To exploit this vulnerability, the attacker must possess at least valid user credentials for a Video Operator.
- Impacted Platforms:
- Cisco Meeting Management 3.12 and earlier versions
- Suggested Measures:
- Please update to the following versions:
- Cisco Meeting Management 3.12.1 MR and later versions
- References:
Computer and Communication Center
Network Systems Division
