CVE-2026-20119

CWE-12874 documents4 sources

Severity

7.5HIGH

EPSS

0.1%

top 69.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Cisco Roomos Software Cisco Cisco Telepresence Endpoint Software (tc/ce)

Timeline

PublishedFeb 4

Description

A vulnerability in the text rendering subsystem of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of input received by an affected device. An attacker could exploit this vulnerability by getting the affected device to render crafted text, for example, a crafted meeting invitation. As indicated …

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5cisco/cisco_telepresence_endpoint_software_(tc/ce)35 versions+34

▶CVEListV5cisco/cisco_roomos_software51 versions+50

🔴Vulnerability Details

CVEList

Cisco TelePresence Collaboration Endpoint Software and RoomOS Software Denial of Service Vulnerability↗2026-02-04

▶

GHSA

GHSA-mp3x-9r34-2hx4: A vulnerability in the text rendering subsystem of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an un↗2026-02-04

▶

📋Vendor Advisories

Cisco

Cisco TelePresence Collaboration Endpoint Software and RoomOS Software Denial of Service Vulnerability↗2026-02-04

▶