What is CVE-2026-20045?

It is a critical code injection vulnerability in Cisco Unified Communications products that allows remote attackers to execute arbitrary commands without authentication.

Is there active exploitation of this Cisco vulnerability?

Yes, Cisco PSIRT has confirmed that attackers are attempting to exploit CVE-2026-20045 in the wild.

What is the impact of a successful exploit?

An attacker can gain user-level access to the underlying operating system and elevate their privileges to root, granting them full control over the affected device.

Which Cisco products are affected?

Affected products include Unified Communications Manager (Unified CM), Unified CM SME, Unified CM IM & Presence Service, Unity Connection, and Webex Calling Dedicated Instance.

Are there any workarounds for CVE-2026-20045?

No, there are no workarounds available. Cisco strongly recommends upgrading to a fixed software release or applying the provided patch files.

Attack

Cisco Patches Actively Exploited Flaw in Unified Communications Products

published: Jan. 22, 2026

Take action: If you are using Cisco communication platforms, read this advisory in detail. Make sure the web management interface are isolated from the internet and accessible from trusted networks only. Then plan a quick update. Because someone will find a way to reach the vulnerable interface even if it's isolated.

Learn More

Cisco released emergency fixes for a critical vulnerability in its enterprise communication tools.The flaw allows hackers to take over systems that manage corporate phone calls, messaging, and voicemail. Cisco's Product Security Incident Response Team (PSIRT) confirmed they are detecting active attempts to exploit this flaw.

The flaw is tracked as CVE-2026-20045 (CVSS score 8.2, Cisco score Critical) - a code injection vulnerability in the web-based management interface. Attackers send a series of specially made HTTP requests. Because the system does not check this input correctly, the attacker can run their own commands without authentication.

A successful compromise gets the attacker a user-level access to the operating system. From there, they can raise their permissions to root and get complete control over the server. They can listen to calls, read messages, or use the server to attack other parts of the network.

Affected systems are:

Cisco Unified Communications Manager (Unified CM) and Session Management Edition (SME).
Cisco Unified Communications Manager IM & Presence Service
Cisco Unity Connection
Webex Calling Dedicated Instance is affected for cloud-hosted users.

There are no workarounds to stop an attack. Cisco advises all users to update their software immediately. If you use version 12.5, you must move to a newer version because it is no longer supported. For versions 14 and 15, Cisco provided specific patch path:

Unified CM, Unified CM IM&P, Unified CM SME, and Webex Calling Dedicated Instance

Cisco Unified CM, Unified CM IM&P, Unified CM SME, and Webex Calling Dedicated Instance Release	First Fixed Release
12.5	Migrate to a fixed release.
14	14SU5 or apply patch file:¹ ciscocm.V14SU4a_CSCwr21851_remote_code_v1.cop.sha512
15	15SU4 (Mar 2026) or apply patch file:¹ ciscocm.V15SU2_CSCwr21851_remote_code_v1.cop.sha512 ciscocm.V15SU3_CSCwr21851_remote_code_v1.cop.sha512

Unity Connection

Cisco Unity Connection Release	First Fixed Release
12.5	Migrate to a fixed release.
14	14SU5 or apply patch file:¹ ciscocm.cuc.CSCwr29208_C0266-1.cop.sha512
15	15SU4 (Mar 2026) or apply patch file:¹ ciscocm.cuc.CSCwr29208_C0266-1.cop.sha512

Cisco Patches Actively Exploited Flaw in Unified Communications Products

Read More
"Bring Your Own Installer" EDR bypass technique exploited …
Microsoft reports on-premise SharePoint vulnerability under active attack
CISA issues alert on active exploits of just …
CISA warns of ongoing hacking of Cisco devices …
CISA reports active exploitation of critical Ivanti Endpoint …