RCE flaw in Cisco enterprise communications products probed by attackers (CVE-2026-20045) – Help Net Security

By Zeljka Zorz
Publication Date: 2026-01-21 18:15:00

Cisco has fixed a critical remote code execution vulnerability (CVE-2026-20045) in some of its unified communications solutions that’s being targeted by attackers in the wild, the company announced on Wednesday via a security advisory.

About CVE-2026-20045

CVE-2026-20045 is a code injection vulnerability stemming from improper validation of user-supplied input in HTTP requests.

“An attacker could exploit this vulnerability by sending a sequence of crafted HTTP requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root,” Cisco says.

The company warns that its Product Security Incident Response Team (PSIRT) is aware of attempted exploitation of this vulnerability in the wild.

CVE-2026-20045, which was reported by an unnamed external researcher, affects:

  • Cisco Unified Communications Manager (CSCwr21851) – used…