Cisco RoomOS Buffer Overflow (CWE-119) CVE-2026-20156
CVE-2026-20156 Published on July 15, 2026

Cisco RoomOS Security Hardening Release - Buffer Management Vulnerabilities
As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities. The vulnerabilities tracked by CVE-2026-20156 are related to improper restriction of operations within the bounds of a memory buffer that are grouped under the Common Weakness Enumeration (CWE) Pillar CWE-119.

NVD

Vulnerability Analysis

CVE-2026-20156 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:
NETWORK
Attack Complexity:
HIGH
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH

Weakness Type

What is a Buffer Overflow Vulnerability?

The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

CVE-2026-20156 has been classified to as a Buffer Overflow vulnerability or weakness.


Products Associated with CVE-2026-20156

Want to know whenever a new CVE is published for Cisco Roomos? stack.watch will email you.

 

Affected Versions

Cisco RoomOS Software: