Denial of Service Vulnerability in Cisco TelePresence Collaboration Endpoint and RoomOS Software
CVE-2026-20119

7.5HIGH

Key Information:

Vendor: Cisco
Status: Cisco Roomos Software; Cisco Telepresence Endpoint Software (tc/ce)
Vendor: CVE Published:; 4 February 2026

Badges

👾 Exploit Exists

What is CVE-2026-20119?

A vulnerability in the text rendering subsystem of Cisco TelePresence Collaboration Endpoint Software and Cisco RoomOS Software could allow an unauthenticated remote attacker to initiate a denial of service (DoS) condition. This issue arises from inadequate validation of inputs processed by the device. An attacker could exploit this vulnerability by convincing the affected system to render specially crafted text, such as a manipulated meeting invitation. Notably, the attack does not require any user interaction, allowing for potential exploitation without user consent. A successful attack could cause the device to unexpectedly reload, leading to a disruption in service.

Affected Version(s)

Cisco RoomOS Software RoomOS 10.11.2.2

Cisco RoomOS Software RoomOS 10.15.2.2

Cisco RoomOS Software RoomOS 11.5.4.6

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Feb 4, 2026
Vulnerability published
Feb 4, 2026
Vulnerability Reserved
Oct 8, 2025

CVE-2026-20119 Data

JSON