CVE ID
CVE-2026-20045
Vulnerability Name
Cisco Unified Communications Products Code Injection Vulnerability
- Project: Cisco
- Product: Unified Communications Manager
Date
- Date Added: 2026-01-21
- Due Date: 2026-02-11
Description
Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance contain a code injection vulnerability that could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b ; https://nvd.nist.gov/vuln/detail/CVE-2026-20045
Related Security News
- Cisco Fixes Actively Exploited Zero-Day CVE-2026-20045 in Unified CM and Webex
- Cisco fixes Unified Communications RCE zero day exploited in attacks
Top comments (0)