CVE-2026-20098
published 2026-02-04CVE-2026-20098: A vulnerability in the Certificate Management feature of Cisco Meeting Management could allow an authenticated, remote attacker to upload arbitrary files…
PriorityP266high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
0.38%
30.2th percentile
A vulnerability in the Certificate Management feature of Cisco Meeting Management could allow an authenticated, remote attacker to upload arbitrary files, execute arbitrary commands, and elevate privileges to root on an affected system.
This vulnerability is due to improper input validation in certain sections of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to upload arbitrary files to the affected system. The malicious files could overwrite system files that are processed by the root system account and allow arbitrary command execution with root privileges. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of video operator.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_meeting_management | — | — |
| cisco | cisco_meeting_management | — | — |
| cisco | cisco_meeting_management | — | — |
| cisco | cisco_meeting_management | — | — |
| cisco | cisco_meeting_management | — | — |
| cisco | cisco_meeting_management | — | — |
| cisco | cisco_meeting_management | — | — |
| cisco | cisco_meeting_management | — | — |
| cisco | cisco_meeting_management | — | — |
| cisco | cisco_meeting_management | — | — |
| cisco | cisco_meeting_management | — | — |
| cisco | cisco_meeting_management | — | — |
| cisco | cisco_meeting_management | — | — |
| cisco | cisco_meeting_management | — | — |
| cisco | cisco_meeting_management | — | — |
| cisco | meeting_management | < 3.12.1 | 3.12.1 |
| cisco | meeting_management | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Exploit vector is a crafted HTTP request to the Certificate Management section of the web-based management interface; monitor for unexpected file upload requests (e.g., multipart/form-data POST) to Certificate Management endpoints by accounts holding the 'video operator' role or higher. ↗
- →Alert on file writes to system-owned paths originating from the Cisco Meeting Management web process, particularly files that would be processed by the root account, as successful exploitation overwrites system files to achieve root command execution. ↗
- →Scope monitoring to authenticated sessions: the attacker must hold at least the 'video operator' role. Audit and alert on privilege escalation to root from web-tier processes following file upload activity by video operator accounts. ↗
- →The vulnerability is rooted in the Certificate Management feature; focus file-upload anomaly detection specifically on that feature's endpoints within the Cisco Meeting Management web UI. ↗
- ·Exploitation requires valid credentials with at least the 'video operator' role — this is an authenticated vulnerability, not exploitable pre-auth. Ensure access controls and account hygiene for operator-level roles are enforced as a compensating control. ↗
- ·There are no workarounds available; patching to a fixed software version is the only remediation. Cisco Bug ID CSCwr97339 tracks this issue. ↗
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vendor_cisco8.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Cisco
Cisco Meeting Management Arbitrary File Upload Vulnerability
vendor_cisco·2026-02-04·CVSS 8.8
CVE-2026-20098 [HIGH] CWE-434 Cisco Meeting Management Arbitrary File Upload Vulnerability
Cisco Meeting Management Arbitrary File Upload Vulnerability
A vulnerability in the Certificate Management feature of Cisco Meeting Management could allow an authenticated, remote attacker to upload arbitrary files, execute arbitrary commands, and elevate privileges to root on an affected system.
This vulnerability is due to improper input validation in certain sections of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to upload arbitrary files to the affected system. The malicious files could overwrite system files that are processed by the root system account and allow arbitrary command execution with root privileges. To exploit this vulnerability, th
Cisco
Cisco Meeting Management Arbitrary File Upload Vulnerability
vendor_cisco·CVSS 3.1
CVE-2026-20098 Cisco Meeting Management Arbitrary File Upload Vulnerability
CVE-2026-20098: Cisco Meeting Management Arbitrary File Upload Vulnerability
A vulnerability in the Certificate Management feature of Cisco Meeting Management could allow an authenticated, remote attacker to upload arbitrary files, execute arbitrary commands, and elevate privileges to root on an affected system. This vulnerability is due to improper input validation in certain sections of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to upload arbitrary files to the affected system. The malicious files could overwrite system files that are processed by the root system account and allow arbitrary command execution with root privileges. To exploit this vul
GHSA
GHSA-jxvq-5vh3-x329: A vulnerability in the Certificate Management feature of Cisco Meeting Management could allow an authenticated, remote attacker to upload arbitrary fi
ghsa_unreviewed·2026-02-04
CVE-2026-20098 [HIGH] CWE-434 GHSA-jxvq-5vh3-x329: A vulnerability in the Certificate Management feature of Cisco Meeting Management could allow an authenticated, remote attacker to upload arbitrary fi
A vulnerability in the Certificate Management feature of Cisco Meeting Management could allow an authenticated, remote attacker to upload arbitrary files, execute arbitrary commands, and elevate privileges to root on an affected system.
This vulnerability is due to improper input validation in certain sections of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to upload arbitrary files to the affected system. The malicious files could overwrite system files that are processed by the root system account and allow arbitrary command execution with root privileges. To exploit this vulnerability, the attacker must have valid credentials for a user account with
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-02-04
Published