CVE-2026-20098Unrestricted File Upload in Cisco Meeting Management

CWE-434Unrestricted File Upload4 documents4 sources
Severity
8.8HIGHNVD
EPSS
0.7%
top 27.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Meeting ManagementCisco Meeting Management
Timeline
PublishedFeb 4

Description

A vulnerability in the Certificate Management feature of Cisco Meeting Management could allow an authenticated, remote attacker to upload arbitrary files, execute arbitrary commands, and elevate privileges to root on an affected system. This vulnerability is due to improper input validation in certain sections of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5cisco/cisco_meeting_management15 versions+14

🔴Vulnerability Details

2
GHSA
GHSA-jxvq-5vh3-x329: A vulnerability in the Certificate Management feature of Cisco Meeting Management could allow an authenticated, remote attacker to upload arbitrary fi2026-02-04
CVEList
Cisco Meeting Management Arbitrary File Upload Vulnerability2026-02-04

📋Vendor Advisories

1
Cisco
Cisco Meeting Management Arbitrary File Upload Vulnerability2026-02-04
CVE-2026-20098 — Unrestricted File Upload in Cisco | cvebase