Cisco RoomOS Improper Access Control (CWE-284) CVE-2026-20150
CVE-2026-20150 Published on July 15, 2026

Cisco RoomOS Security Hardening Release - Access Control Vulnerabilities
As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities. The vulnerabilities tracked by CVE-2026-20150 are related to improper access control that are grouped under the Common Weakness Enumeration (CWE) Pillar CWE-284.

NVD

Vulnerability Analysis

CVE-2026-20150 is exploitable with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH

Weakness Type

What is an Authorization Vulnerability?

The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CVE-2026-20150 has been classified to as an Authorization vulnerability or weakness.


Products Associated with CVE-2026-20150

Want to know whenever a new CVE is published for Cisco Roomos? stack.watch will email you.

 

Affected Versions

Cisco RoomOS Software: