Jump to the main content block
  1. Home
  2. Information Security
  3. Vulnerability Alert

【Security Advisory】Cisco Meeting Management Contains a Critical Information Security Vulnerability (CVE-2026-20098)

publish date : 2026-02-24 update date : 2026-02-24

Source: Ministry of education information & communication security contingency platform

"" "" ""

Publication Number TACERT-ANA-2026020605025757 Publication Time 2026/02/06 17:23
Incident Type ANA-Vulnerability Alert Discovery Time 2026/02/06 17:23
Impact Level Low  
[Subject]
【Vulnerability Alert】CISA Adds Seven Known Exploited Vulnerabilities to the KEV Catalog (2026/01/26–2026/02/01)

[Content]
Forwarded from TWCERTCC-200-202602-00000003

Cisco Meeting Management provides an administrative web interface for monitoring and managing video conferences, including functions such as adding or removing participants, muting participants, changing screen layouts, and initiating recordings. Cisco has recently released a critical security advisory (CVE-2026-20098, CVSS: 8.8). This vulnerability is an arbitrary file upload vulnerability that may allow an authenticated remote attacker to upload arbitrary files, execute arbitrary commands, and escalate privileges on the affected system to root.

Note: To exploit this vulnerability, the attacker must possess valid credentials with at least Video Operator privileges.

(Information Sharing Level: WHITE (Information content can be publicly disclosed)
[Affected Platform]
Cisco Meeting Management versions up to and including 3.12

[Recommended Actions]
Please update to the following version:

Cisco Meeting Management 3.12.1 MR (including 3.12.1 MR) or later
[Reference]
https://www.twcert.org.tw/tw/cp-169-10695-3f9b6-1.html
(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer: Computer Center
Click Num:
Print