Cisco has released urgent security updates to fix a critical zero-day vulnerability that is being actively exploited in the wild. The flaw, tracked as CVE-2026-20045, affects several Cisco Unified Communications Manager (Unified CM) products and Webex Calling Dedicated Instance. Due to the severity and confirmed exploitation, organizations using these products are strongly advised to apply patches immediately.
According to Cisco, the vulnerability allows an unauthenticated remote attacker to execute arbitrary commands on affected systems. This makes the flaw especially dangerous, as attackers do not need valid login credentials to compromise vulnerable devices.
The vulnerability CVE-2026-20045 has been assigned a CVSS score of 8.2, placing it in the critical category. Cisco confirmed that the issue has already been exploited as a zero-day, meaning attackers began abusing it before patches were publicly available.
Cisco explained that the flaw exists due to improper validation of user-supplied input in HTTP requests sent to the web-based management interface. By sending a sequence of specially crafted HTTP requests, an attacker could exploit the weakness to gain user-level access to the underlying operating system.
Once initial access is achieved, the attacker can further escalate privileges to root, giving them full control over the affected system.
What makes CVE-2026-20045 particularly serious is the combination of the following factors:
No authentication required
Remote exploitation
Command execution on the operating system
Privilege escalation to root
Active exploitation in real-world attacks
If successfully exploited, attackers could fully compromise Cisco communication servers, potentially allowing them to intercept calls, disrupt business communications, steal sensitive data, or use the systems as a pivot point for deeper network attacks.
Cisco confirmed that the following products are impacted by CVE-2026-20045:
Cisco Unified Communications Manager (Unified CM)
Cisco Unified CM Session Management Edition (SME)
Cisco Unified CM IM & Presence Service (IM&P)
Cisco Unity Connection
Webex Calling Dedicated Instance
These products are widely used by enterprises, service providers, and government organizations, making the vulnerability a high-value target for attackers.
Cisco has released patches and fixed software updates for all affected platforms. Customers should upgrade or apply the relevant patch files as soon as possible.
Release 12.5
No direct patch available
Customers must migrate to a fixed release
Release 14
Upgrade to 14SU5, or
Apply patch:
ciscocm.V14SU4a_CSCwr21851_remote_code_v1.cop.sha512
Release 15
Upgrade to 15SU4 (March 2026), or
Apply one of the following patches:
ciscocm.V15SU2_CSCwr21851_remote_code_v1.cop.sha512ciscocm.V15SU3_CSCwr21851_remote_code_v1.cop.sha512
Release 12.5
Customers must migrate to a fixed release
Release 14
Upgrade to 14SU5, or
Apply patch:
ciscocm.cuc.CSCwr29208_C0266-1.cop.sha512
Release 15
Upgrade to 15SU4 (March 2026), or
Apply patch:
ciscocm.cuc.CSCwr29208_C0266-1.cop.sha512
Cisco has clearly stated that no workarounds are available, making patching the only effective mitigation.
Cisco has acknowledged that it is aware of attempted exploitation of CVE-2026-20045 in the wild. While the company has not shared technical details about the attacks, the confirmation strongly suggests that threat actors are already targeting unpatched systems.
An anonymous external security researcher is credited with responsibly discovering and reporting the vulnerability to Cisco.
Due to the confirmed exploitation and high impact, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-20045 to its Known Exploited Vulnerabilities (KEV) catalog.
As a result, Federal Civilian Executive Branch (FCEB) agencies are required to apply the fixes no later than February 11, 2026. Inclusion in the KEV catalog typically indicates that a vulnerability poses a serious and immediate threat.
Private-sector organizations are also encouraged to treat this vulnerability with the same level of urgency.
The discovery of CVE-2026-20045 comes just days after Cisco fixed another actively exploited critical vulnerability, CVE-2025-20393, which affected Cisco Secure Email Gateway and Cisco Secure Email and Web Manager.
That earlier flaw carried a CVSS score of 10.0 and allowed attackers to execute arbitrary commands with root privileges, highlighting a concerning trend of attackers actively targeting Cisco infrastructure products.
Organizations using affected Cisco Unified CM or Webex products should take the following steps immediately:
Identify affected systems across the environment
Apply the latest patches or upgrade to fixed releases
Monitor logs for signs of suspicious HTTP requests or unusual activity
Restrict access to management interfaces wherever possible
Follow CISA and Cisco advisories for ongoing updates
CVE-2026-20045 is a high-risk, actively exploited zero-day vulnerability that poses a serious threat to enterprise communication systems. With no workaround available, patching is critical. Delaying updates could leave organizations exposed to system takeover, service disruption, and data compromise.
As attackers continue to target core infrastructure software, staying current with security updates remains one of the most effective defenses against real-world cyber threats.
Interesting Article : Think LinkedIn Is Safe? Hackers Are Using It to Spread Malware
Pingback: Critical VMware vCenter RCE Flaw CVE-2024-37079 Under Active Attack