CVE-2026-20119
Unknown Unknown - Not Provided
Denial of Service in Cisco TelePresence via Text Rendering Flaw

Publication date: 2026-02-04

Last updated on: 2026-02-04

Assigner: Cisco Systems, Inc.

Description
A vulnerability in the text rendering subsystem of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of input received by an affected device. An attacker could exploit this vulnerability by getting the affected device to render crafted text, for example, a crafted meeting invitation. As indicated in the CVSS score, no user interaction is required, such as accepting the meeting invitation. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-04
Last Modified
2026-02-04
Generated
2026-06-16
AI Q&A
2026-02-04
EPSS Evaluated
2026-06-15
NVD
CVE-2026-20119
EUVD
EUVD-2026-5422
Affected Vendors & Products
Showing 8 associated CPEs
Vendor Product Version / Range
cisco telepresence_collaboration_endpoint *
cisco roomos *
cisco telepresence_collaboration_endpoint 11.27.5.0
cisco telepresence_collaboration_endpoint 11.32.3.0
cisco roomos 11.27.5.0
cisco roomos 11.32.3.0
cisco roomos From 10 (inc)
cisco roomos to 10 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1287 The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-20119 is a high-severity denial of service (DoS) vulnerability affecting Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software. It exists in the text rendering subsystem due to insufficient validation of input received by the device.

An unauthenticated remote attacker can exploit this vulnerability by causing the affected device to render specially crafted text, such as a malicious meeting invitation. No user interaction is required for the exploit to succeed.

A successful exploit causes the device to reload, resulting in a denial of service condition where the device becomes unavailable.

Impact Analysis

This vulnerability can impact you by causing a denial of service (DoS) condition on affected Cisco TelePresence Collaboration Endpoint or RoomOS devices.

An attacker can remotely and without authentication cause the device to reload unexpectedly by sending specially crafted text, such as a malicious meeting invitation.

This results in the device becoming temporarily unavailable, which can disrupt communications and collaboration services relying on these devices.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

This vulnerability has no available workarounds to mitigate the issue.

Cisco strongly recommends upgrading affected devices to fixed software versions to fully remediate the vulnerability.

  • For on-premises devices, upgrade to Cisco TelePresence CE Software and RoomOS Software version 11.27.5.0 or 11.32.3.0.
  • For cloud deployments, upgrade to RoomOS October 2025 or RoomOS December 2025 releases.

Ensure that fixed software is obtained through authorized channels and verify compatibility with existing hardware and software configurations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-20119. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart