Cisco has released emergency security updates to address a critical zero day vulnerability affecting several Unified Communications products and Webex Calling Dedicated Instance. The flaw, tracked as CVE-2026-20045, has been confirmed as actively exploited in real world attacks, prompting urgent action from organizations using impacted systems.
Critical Zero Day Allows Remote Command Execution
The vulnerability carries a CVSS score of 8.2 and enables an unauthenticated remote attacker to execute arbitrary commands on the underlying operating system of affected devices. According to Cisco, the issue originates from improper validation of user supplied input in HTTP requests handled by the web based management interface.
By sending specially crafted HTTP requests, an attacker could gain initial user level access and then escalate privileges to obtain full root control of the system. Cisco classified the flaw as critical due to the high impact of potential root level compromise.
Affected Cisco Products
Cisco confirmed that the vulnerability impacts multiple Unified Communications and collaboration platforms used widely in enterprise environments. The affected products include:
Unified CM
Unified CM Session Management Edition
Unified CM IM and Presence Service
Unity Connection
Webex Calling Dedicated Instance
Organizations running any of these products are at risk if systems remain unpatched.
Fixed Versions and Available Patches
Cisco has released patches and upgrade paths to remediate the vulnerability across supported versions. Customers are strongly advised to move to fixed releases or apply the appropriate patch files.
Cisco Unified CM, CM SME, CM IM and Presence, Webex Calling Dedicated Instance
Release 12.5 requires migration to a fixed release
Release 14 requires 14SU5 or patch file ciscocm.V14SU4a_CSCwr21851_remote_code_v1.cop.sha512
Release 15 requires 15SU4 scheduled for March 2026 or patch files ciscocm.V15SU2_CSCwr21851_remote_code_v1.cop.sha512 or ciscocm.V15SU3_CSCwr21851_remote_code_v1.cop.sha512
Cisco Unity Connection
Release 12.5 requires migration to a fixed release
Release 14 requires 14SU5 or patch file ciscocm.cuc.CSCwr29208_C0266-1.cop.sha512
Release 15 requires 15SU4 scheduled for March 2026 or patch file ciscocm.cuc.CSCwr29208_C0266-1.cop.sha512
Active Exploitation Confirmed
Cisco stated that it is aware of attempted exploitation of CVE-2026-20045 in the wild. The company emphasized that there are currently no workarounds available and that applying updates is the only effective mitigation.
The vulnerability was discovered and responsibly disclosed by an anonymous external security researcher.
CISA Adds CVE to KEV Catalog
The seriousness of the flaw has drawn the attention of the U.S. Cybersecurity and Infrastructure Security Agency. CISA has added CVE-2026-20045 to its Known Exploited Vulnerabilities (KEV)catalog. Federal Civilian Executive Branch agencies are now required to apply the fixes by February 11, 2026.
Part of a Broader Wave of Cisco Security Issues
The disclosure comes shortly after Cisco addressed another actively exploited critical flaw in AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager. That vulnerability, CVE-2025-20393 with a CVSS score of 10.0, allowed attackers to execute arbitrary commands with root privileges.
These incidents highlight the increasing targeting of enterprise communication and email infrastructure by threat actors.
Found this article interesting? Follow us on X (Twitter) , Facebook, Blue sky and LinkedIn to read more exclusive content we post.
