Severity by source
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Network-reachable buffer flaw needing no auth or interaction, but AC:H reflects memory-corruption conditions; full C/I/A impact on the endpoint keeps scope unchanged.
Primary rating from Vendor (cisco).
CVSS VectorVendor: cisco
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities.
The vulnerabilities tracked by CVE-2026-20156 are related to improper restriction of operations within the bounds of a memory buffer that are grouped under the Common Weakness Enumeration (CWE) Pillar CWE-119.
AnalysisAI
Memory-corruption vulnerabilities in Cisco RoomOS Software (the operating system on Cisco/Webex collaboration room endpoints) allow remote, unauthenticated attackers to trigger buffer-boundary violations that can compromise device confidentiality, integrity, and availability (CVSS 8.1). The flaws were internally discovered by Cisco's RoomOS engineering team during a proactive security review and are grouped under the CWE-119 buffer-error pillar; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires network reachability to a Cisco RoomOS endpoint and the ability to deliver crafted input to the vulnerable buffer-handling code path; per the CVSS vector (AV:N/PR:N/UI:N) no authentication or user interaction is needed. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) describes a network-reachable, unauthenticated flaw with full high impact to confidentiality, integrity, and availability but HIGH attack complexity, meaning successful exploitation likely depends on specific conditions such as memory layout, timing, or a non-trivial exploit primitive. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with network reachability to a Cisco RoomOS endpoint sends a specially crafted network message to a vulnerable service that mishandles buffer bounds, corrupting memory to crash the device or influence execution. Because the CVSS vector is AV:N/AC:H/PR:N, no credentials or user interaction are required, but the high complexity means the attacker must satisfy non-trivial conditions (e.g., precise input crafting or memory-state alignment) to reliably succeed. … |
| Remediation | Patch available per vendor advisory: upgrade RoomOS to the hardened release identified in Cisco Security Advisory cisco-sa-hardening-roomos-AqNMbEq (https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hardening-roomos-AqNMbEq); the exact fixed version was not included in the provided data and must be confirmed against that advisory before deployment. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours, inventory all Cisco RoomOS devices in your environment and assess network exposure; if feasible for critical deployments, isolate affected endpoints from untrusted networks. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Cisco Roomos Software
View allPrivilege escalation via improper access control in Cisco RoomOS software allows an authenticated attacker with low-leve
Denial of service in Cisco RoomOS software allows remote unauthenticated attackers to exhaust availability of affected c
Remote denial of service in Cisco RoomOS software allows unauthenticated attackers to exhaust or corrupt a resource over
Denial of service in Cisco RoomOS software allows remote, unauthenticated attackers to disrupt device availability throu
Sensitive information disclosure affects Cisco RoomOS software running on Cisco collaboration room endpoints, where miss
Same weakness CWE-119 – Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44717
GHSA-gxwc-c8rv-5m26