Cisco Meeting Management Vulnerability Allows Authenticated Attackers to Gain Root Access

Cisco has released a security advisory for CVE-2026-20098, a high-severity vulnerability in Cisco Meeting Management that allows authenticated remote attackers to upload arbitrary files, execute commands, and escalate privileges to root.

The flaw carries a CVSS score of 8.8 and affects all versions of Cisco Meeting Management prior to 3.12.1 MR. No workarounds are available — patching is the only remediation.

Vulnerability Details

The vulnerability exists in the Certificate Management feature of the web-based management interface due to improper input validation. An attacker with valid credentials for a user account with at least the "video operator" role can send a crafted HTTP request to upload arbitrary files to the system.

The uploaded files can overwrite system files processed by the root account, enabling arbitrary command execution with root privileges. This effectively grants complete control over the affected server.
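The advisory does not publish the exact flaw, so the following is an added, generic illustration of the input validation a certificate-upload handler needs. It is not Cisco's code. The function names, limits and store layout are hypothetical.

```python
import base64, os, re, tempfile
from pathlib import Path

# Hypothetical names and limits throughout; none come from Cisco's product.
MAX_UPLOAD = 64 * 1024
LABEL_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")      # a label, never a path
PEM_RE = re.compile(rb"\s*-----BEGIN CERTIFICATE-----\s+"
                    rb"([A-Za-z0-9+/=\s]+?)-----END CERTIFICATE-----\s*")

class RejectedUpload(ValueError):
    """Raised before anything is written to disk."""

def der_is_single_sequence(der: bytes) -> bool:
    """Structural check: one DER SEQUENCE that spans the whole buffer."""
    if len(der) < 4 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                                # short-form length
        return 2 + first == len(der)
    n = first & 0x7F                                # long-form length bytes
    if n == 0 or n > 4 or len(der) < 2 + n:
        return False
    return 2 + n + int.from_bytes(der[2:2 + n], "big") == len(der)

def store_certificate(store_dir: Path, label: str, body: bytes) -> Path:
    """Validate an uploaded PEM certificate, then write it inside store_dir."""
    if not LABEL_RE.fullmatch(label):
        raise RejectedUpload("label must not contain path characters")
    if len(body) > MAX_UPLOAD:
        raise RejectedUpload("upload too large")
    match = PEM_RE.fullmatch(body)
    if match is None:
        raise RejectedUpload("body is not exactly one PEM certificate")
    try:
        der = base64.b64decode(b"".join(match.group(1).split()), validate=True)
    except ValueError as exc:                       # binascii.Error is a ValueError
        raise RejectedUpload("invalid base64") from exc
    if not der_is_single_sequence(der):
        raise RejectedUpload("payload is not a DER SEQUENCE")
    root = store_dir.resolve()
    dest = (root / f"{label}.pem").resolve()        # follows an existing symlink
    if dest.parent != root:
        raise RejectedUpload("destination escapes the certificate store")
    fd, tmp = tempfile.mkstemp(dir=root)            # write, then atomic rename
    with os.fdopen(fd, "wb") as handle:
        handle.write(body)
    os.replace(tmp, dest)
    return dest
```

The DER check here is structural only; a production handler would parse the full X.509 certificate with a vetted library and keep the store out of any path that a root-owned process reads as configuration or code.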

Affected Versions

All Cisco Meeting Management releases 3.12 and earlier are vulnerable regardless of device configuration.

Fixed Release: 3.12.1 MR

Exploitation Status

Cisco PSIRT is not aware of any public announcements or malicious exploitation of this vulnerability in the wild.

Discovery

The vulnerability was reported by the NATO Cyber Security Centre Penetration Testing Team.

Recommendation

Organizations running Cisco Meeting Management should upgrade to version 3.12.1 MR immediately. The authentication requirement (video operator role) lowers the attack surface somewhat, but compromised credentials or insider threats could enable exploitation. No workarounds or mitigations are available short of patching.
