Cisco Meeting Management Arbitrary File Upload Vulnerability

A critical vulnerability exists within Cisco Meeting Management's certificate management feature. This flaw allows remote attackers with valid credentials to upload and execute malicious files. The vulnerability stems from inadequate input validation within the web interface. Attackers can exploit this by sending a specifically crafted HTTP request. Successful exploitation grants the attacker the ability to upload arbitrary files. These uploaded files could overwrite critical system files. This, in turn, allows for the execution of commands with root privileges. The attacker needs a valid user account with at least video operator privileges. Cisco has released software updates to patch this significant security hole. There are no available workarounds to mitigate the vulnerability. The security impact of this vulnerability is rated as High. The vulnerability is tracked under CVE-2026-20098.