Back to overview

CVE-2026-20153

HIGH
7.5
CVSS 3.1
Description
As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities. The vulnerabilities tracked by CVE-2026-20153 are related to improper input validation that are grouped under the Common Weakness Enumeration (CWE) Pillar CWE-20.

Metadata

CVE ID
CVE-2026-20153
State
PUBLISHED
Assigner
cisco
Reserved
2025-10-08 11:59 UTC
Published
2026-07-15 16:18 UTC
Last updated
2026-07-15 18:06 UTC
Primary CWE
CWE-20
Improper Input Validation
Vendor / Product
Cisco / Cisco RoomOS Software
Sources
cve.org  ·  NVD

Severity & Metrics

7.5 HIGH CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
SSVC — CISA Coordinator
Exploitation
none
Automatable
yes
Tech. Impact
partial
Affected products (1)
VendorProductPlatformVersions
Cisco Cisco RoomOS Software RoomOS 10.11.2.2, RoomOS 10.15.2.2, RoomOS 11.5.4.6, RoomOS 11.5.2.4 …
Weakness (CWE)
CWESourceDescription
CWE-20 cna Improper Input Validation
CVSS scores (1)
ScoreSeverityVersionSourceVector
7.5 HIGH 3.1 cna CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Back to overview