Cisco Flaw (CVE-2026-20045) Actively Exploited for RCE Attacks
▼ Summary
– Cisco has patched a critical remote code execution vulnerability (CVE-2026-20045) in several of its unified communications products.
– The flaw is a code injection vulnerability that allows attackers to gain root access by sending crafted HTTP requests to a device’s management interface.
– Cisco is aware that this vulnerability is already being actively exploited by attackers in the wild.
– The affected products include Cisco Unified Communications Manager, its Session Management Edition, IM & Presence Service, Unity Connection, and Webex Calling Dedicated Instance.
– Cisco strongly recommends applying the provided patches immediately, as there are no available workarounds for this security flaw.
A critical security flaw in several Cisco unified communications products is now under active attack, allowing hackers to execute malicious code on vulnerable systems. Cisco has issued patches to address this high-severity vulnerability, identified as CVE-2026-20045, and urges immediate action from administrators. The company confirmed its security team is tracking exploitation attempts in real-world attacks, making swift remediation essential for protecting enterprise telephony and messaging infrastructure.
The vulnerability is a code injection flaw that arises when the software fails to properly check user-supplied input within HTTP requests. By sending a carefully crafted sequence of HTTP requests to a device’s web management interface, an attacker can exploit this weakness. A successful attack grants the intruder initial access at the user level on the device’s underlying operating system. From there, the attacker can often escalate privileges to gain full root control, effectively taking over the system.
This security issue impacts several core Cisco collaboration products widely used in large-scale and sensitive environments. The affected software includes Cisco Unified Communications Manager (CUCM), a platform for enterprise telephony; Cisco Unified Communications Manager Session Management Edition (SME), for managing complex call routing; Cisco Unified Communications Manager IM & Presence Service, which integrates messaging and presence; Cisco Unity Connection, providing enterprise voicemail; and Cisco Webex Calling Dedicated Instance, a privately hosted cloud calling solution. These systems are commonly deployed by major corporations, government agencies, and organizations in regulated industries, making them high-value targets.
Cisco emphasizes that there are no available workarounds to mitigate this threat. The only effective course of action is to apply the official security updates. The company strongly advises customers to install the relevant patches or upgrade to a fixed software release without delay to close this security gap. The urgency is compounded by the fact that the flaw was reported by an external researcher and is already being leveraged by malicious actors.
In a significant development reflecting the active threat, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has formally added CVE-2026-20045 to its Known Exploited Vulnerabilities catalog. This federal directive mandates that all federal civilian agencies patch the vulnerability by a specified deadline, underscoring the serious risk it poses to national security and critical infrastructure.
(Source: HelpNet Security)
