Cisco has disclosed a critical zero-day remote code execution (RCE) vulnerability, CVE-2026-20045, actively exploited in the wild.
Affecting key Unified Communications products, this flaw allows unauthenticated attackers to run arbitrary commands on the underlying OS, potentially gaining root access.
The Cisco Product Security Incident Response Team (PSIRT) confirmed exploitation attempts and urged immediate patching.
The issue stems from improper validation of user-supplied input in HTTP requests to the web-based management interface. An attacker sends crafted HTTP requests that bypass authentication, execute commands at the user level, and then escalate privileges to root. Cisco rated it Critical via Security Impact Rating (SIR), overriding the CVSS score due to root-level risks.
No workarounds exist. Exploitation requires network access to the management interface, common in enterprise VoIP setups exposed via firewalls or VPNs.
Affected Products
This vulnerability impacts these Cisco products regardless of configuration:
| Product | Bug ID |
|---|---|
| Unified CM | CSCwr21851 |
| Unified CM SME | CSCwr21851 |
| Unified CM IM&P | CSCwr29216 |
| Unity Connection | CSCwr29208 |
| Webex Calling Dedicated Instance | CSCwr21851 |
Products like Contact Center SIP Proxy, Unified CCE, and others are confirmed unaffected. Check the advisory for full details.
Fixed Releases and Patches
Cisco released updates and patches. Migrate or apply version-specific fixes; consult patch READMEs.
Unified CM, IM&P, SME, Webex Calling
Unity Connection
PSIRT validates only listed releases.
Exploitation in the Wild
Cisco PSIRT detected real-world exploits targeting unpatched systems. Attackers likely leverage automated scanners for exposed interfaces. Enterprises running vulnerable VoIP/UC deployments face high risk, especially in hybrid work environments.
Apply patches immediately. Restrict management interface to trusted IPs via firewalls. Monitor logs for anomalous HTTP requests. CISA added this to the Known Exploited Vulnerabilities soon.
An external researcher reported the flaw; Cisco credited them in the advisory. Stay vigilant: zero-day vulnerabilities like CVE-2026-20045 underscore UC platform risks amid rising RCE trends.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
