Cisco Fixed Actively Exploited Unified Communications Zero Day

By Pierluigi Paganini
Publication Date: 2026-01-21 23:47:00

Table of Contents

Cisco fixed actively exploited Unified Communications zero day

Pierluigi Paganini
January 21, 2026

Cisco patched a critical zero-day RCE flaw (CVE-2026-20045) in Unified Communications and Webex Calling that is actively exploited in the wild.

Cisco patched a critical zero-day remote code execution flaw, tracked as CVE-2026-20045 (CVSS score of 8.2), actively exploited in attacks.

An unauthenticated, remote attacker can exploit the flaw to execute arbitrary commands on the underlying operating system of an affected device.

The bug affected Cisco Unified CM, Unified CM SME, IM & Presence, Unity Connection, and Webex Calling Dedicated Instance.

“This vulnerability is due to improper validation of user-supplied input in HTTP requests. An attacker could exploit this vulnerability by sending a sequence of crafted HTTP requests to the web-based management interface of an affected device.” reads the…

Facebook
Twitter
Pinterest
LinkedIn
Digg
Tumblr
Reddit
Buffer
Blogger
Newsvine
HackerNews
Flipboard
Share
LiveJournal
Yammer
Mix
Instapaper
Copy Link
Mastodon

Cisco fixed actively exploited Unified Communications zero day

Cisco patched a critical zero-day RCE flaw (CVE-2026-20045) in Unified Communications and Webex Calling that is actively exploited in the wild.

Related Posts