CVE-2026-20157
As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehen
CVSS
7.5
Alto
EPSS
0.1%
p0
KEV
—
Exploit Today
0
0-100
Publicado: 15 jul 2026 · Última mod.: 15 jul 2026 · CWE-311
Sin historial EPSS suficiente todavía.
As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities. The vulnerabilities tracked by CVE-2026-20157 are related to missing encryption that are grouped under the Common Weakness Enumeration (CWE) Pillar CWE-311.
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2026-344867.5 ALT97.4%
——29Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor.
This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116.
Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the issue.2dCVE-2022-262817.5 ALT56.5%
——17BigAnt Server v5.6.06 was discovered to contain an incorrect access control issue.8dCVE-2021-406506.5 MED50.0%
——15In Connx Version 6.2.0.1269 (20210623), a cookie can be issued by the application and not have the secure flag set.8dCVE-2023-318257.5 ALT47.0%
——14An issue found in Inageya v.13.4.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp Inageya function.8dCVE-2023-318227.5 ALT47.0%
——14An issue found in Entetsu Store v.13.4.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp Entetsu Store function.8dCVE-2023-318207.5 ALT47.0%
——14An issue found in Shizutetsu Store v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp function.8d