Skip to main content

Cisco RoomOS CVE-2026-20156

| EUVDEUVD-2026-44717 HIGH
Buffer Overflow (CWE-119)
2026-07-15 cisco GHSA-gxwc-c8rv-5m26
8.1
CVSS 3.1 · Vendor: cisco
Share

Severity by source

Vendor (cisco) PRIMARY
8.1 HIGH
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
8.1 HIGH

Network-reachable buffer flaw needing no auth or interaction, but AC:H reflects memory-corruption conditions; full C/I/A impact on the endpoint keeps scope unchanged.

3.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (cisco).

CVSS VectorVendor: cisco

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Jul 15, 2026 - 16:47 vuln.today
CVE Published
Jul 15, 2026 - 16:17 cve.org
HIGH 8.1

DescriptionCVE.org

As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities.

The vulnerabilities tracked by CVE-2026-20156 are related to improper restriction of operations within the bounds of a memory buffer that are grouped under the Common Weakness Enumeration (CWE) Pillar CWE-119.

AnalysisAI

Memory-corruption vulnerabilities in Cisco RoomOS Software (the operating system on Cisco/Webex collaboration room endpoints) allow remote, unauthenticated attackers to trigger buffer-boundary violations that can compromise device confidentiality, integrity, and availability (CVSS 8.1). The flaws were internally discovered by Cisco's RoomOS engineering team during a proactive security review and are grouped under the CWE-119 buffer-error pillar; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach RoomOS endpoint over network
Delivery
Send crafted input to vulnerable service
Exploit
Trigger CWE-119 buffer boundary violation
Execution
Corrupt memory / control execution
Impact
Compromise device or cause DoS

Vulnerability AssessmentAI

Exploitation Exploitation requires network reachability to a Cisco RoomOS endpoint and the ability to deliver crafted input to the vulnerable buffer-handling code path; per the CVSS vector (AV:N/PR:N/UI:N) no authentication or user interaction is needed. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) describes a network-reachable, unauthenticated flaw with full high impact to confidentiality, integrity, and availability but HIGH attack complexity, meaning successful exploitation likely depends on specific conditions such as memory layout, timing, or a non-trivial exploit primitive. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with network reachability to a Cisco RoomOS endpoint sends a specially crafted network message to a vulnerable service that mishandles buffer bounds, corrupting memory to crash the device or influence execution. Because the CVSS vector is AV:N/AC:H/PR:N, no credentials or user interaction are required, but the high complexity means the attacker must satisfy non-trivial conditions (e.g., precise input crafting or memory-state alignment) to reliably succeed. …
Remediation Patch available per vendor advisory: upgrade RoomOS to the hardened release identified in Cisco Security Advisory cisco-sa-hardening-roomos-AqNMbEq (https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hardening-roomos-AqNMbEq); the exact fixed version was not included in the provided data and must be confirmed against that advisory before deployment. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours, inventory all Cisco RoomOS devices in your environment and assess network exposure; if feasible for critical deployments, isolate affected endpoints from untrusted networks. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-20156 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy