CVE-2026-20119 – Cisco TelePresence Remote Command Execution Vulnerability

This patch addresses a high-severity vulnerability (CVE-2026-20119) affecting Cisco TelePresence devices. The issue exists in the web-based management interface, where improper input validation allows attackers to send specially crafted requests that trigger command execution on the underlying operating system.

An attacker with network access to the management interface could exploit this vulnerability to run arbitrary commands on affected devices. Successful exploitation may allow attackers to alter system configurations, disrupt conferencing operations, or gain control of the device environment. CVE-2026-20119 carries a CVSS v3.1 score of 7.5 (High).

Cisco released software updates that correct the input validation weakness and improve request handling within the management interface. Systems running vulnerable firmware remain exposed until the patched version is applied.