CVE-2026-20119

EPSS -
Veröffentlicht 04.02.2026 16:12:04
Zuletzt bearbeitet 04.02.2026 17:16:14
Quelle psirt@cisco.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability in the text rendering subsystem of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

This vulnerability is due to insufficient validation of input received by an affected device. An attacker could exploit this vulnerability by getting the affected device to render crafted text, for example, a crafted meeting invitation. As indicated in the CVSS score, no user interaction is required, such as accepting the meeting invitation. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 1 Referenzen 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerCisco

≫

Produkt Cisco RoomOS Software

Default Statusunknown

Version RoomOS 10.11.2.2

Status affected

Version RoomOS 10.15.2.2

Status affected

Version RoomOS 11.5.4.6

Status affected

Version RoomOS 11.5.2.4

Status affected

Version RoomOS 10.8.2.5

Status affected

Version RoomOS 10.11.5.2

Status affected

Version RoomOS 10.11.3.0

Status affected

Version RoomOS 10.15.5.3

Status affected

Version RoomOS 10.19.2.2

Status affected

Version RoomOS 11.1.3.1

Status affected

Version RoomOS 10.11.6.0

Status affected

Version RoomOS 10.19.3.0

Status affected

Version RoomOS 10.19.4.2

Status affected

Version RoomOS 10.3.2.4

Status affected

Version RoomOS 10.3.4.0

Status affected

Version RoomOS 10.15.3.0

Status affected

Version RoomOS 11.1.4.1

Status affected

Version RoomOS 11.14.2.3

Status affected

Version RoomOS 11.1.2.4

Status affected

Version RoomOS 10.8.3.1

Status affected

Version RoomOS 11.14.2.1

Status affected

Version RoomOS 10.3.3.0

Status affected

Version RoomOS 10.8.4.0

Status affected

Version RoomOS 10.15.4.1

Status affected

Version RoomOS 10.19.5.6

Status affected

Version RoomOS 10.11.4.1

Status affected

Version RoomOS 11.9.3.1

Status affected

Version RoomOS 11.5.3.3

Status affected

Version RoomOS 10.3.2.0

Status affected

Version RoomOS 11.9.2.4

Status affected

Version RoomOS 11.14.3.0

Status affected

Version RoomOS 11.17.2.2

Status affected

Version RoomOS 11.14.4.0

Status affected

Version RoomOS 10.19 StepUpg

Status affected

Version RoomOS 11.17.3.0

Status affected

Version RoomOS 11.20.2.3

Status affected

Version RoomOS 11.14.5.0

Status affected

Version RoomOS 11.17.4.0

Status affected

Version RoomOS 11.20.3.0

Status affected

Version RoomOS 11.23.1.6

Status affected

Version RoomOS 11.23.1.8

Status affected

Version RoomOS 11.24.1.5

Status affected

Version RoomOS 11.24.2.4

Status affected

Version RoomOS 11.24.3.0

Status affected

Version RoomOS 11.24.4.1

Status affected

Version RoomOS 11.27.2.0

Status affected

Version RoomOS 11.28.1.3

Status affected

Version RoomOS 11.27.3.0

Status affected

Version RoomOS 11.31.1.5

Status affected

Version RoomOS 11.27.4.0

Status affected

Version RoomOS 11.32.2.1

Status affected

HerstellerCisco

≫

Produkt Cisco TelePresence Endpoint Software (TC/CE)

Default Statusunknown

Version CE9.3.0

Status affected

Version CE9.10.2

Status affected

Version CE9.2.6

Status affected

Version CE9.5.0

Status affected

Version CE9.3.3

Status affected

Version CE9.1.4

Status affected

Version CE9.3.2

Status affected

Version CE9.4.2

Status affected

Version CE9.3.1

Status affected

Version CE9.2.5

Status affected

Version CE9.9.3

Status affected

Version CE9.5.3

Status affected

Version CE9.10.3

Status affected

Version CE9.1.5

Status affected

Version CE9.5.2

Status affected

Version CE9.4.1

Status affected

Version CE9.6.1

Status affected

Version CE9.2.4

Status affected

Version CE9.5.1

Status affected

Version CE9.10.1

Status affected

Version CE9.1.2

Status affected

Version CE9.1.1

Status affected

Version CE9.9.4

Status affected

Version CE9.2.1

Status affected

Version CE9.1.3

Status affected

Version CE9.0.1

Status affected

Version CE9.1.6

Status affected

Version CE9.2.2

Status affected

Version CE9.4.0

Status affected

Version CE9.10.0

Status affected

Version CE9.2.3

Status affected

Version CE9.12.3

Status affected

Version CE9.15.18.4

Status affected

Version CE9.15.3.14

Status affected

Version CE9.15.18.6

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
psirt@cisco.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1287 Improper Validation of Specified Type of Input

The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type.

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tce-roomos-dos-9V9jrC2q

https://nvd.nist.gov/vuln/detail/CVE-2026-20119

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-20119

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-20119

EUVD