“`html
Cisco has revealed a significant zero-day remote code execution (RCE) vulnerability, CVE-2026-20045, currently being exploited in real scenarios.
This flaw impacts essential Unified Communications products, permitting unauthorized adversaries to execute arbitrary commands on the underlying operating system, possibly attaining root access.
The Cisco Product Security Incident Response Team (PSIRT) has acknowledged exploitation attempts and has advocated for immediate updates.
This issue arises from inadequate validation of user-provided input in HTTP requests directed to the web management interface. A malicious entity can send specially crafted HTTP requests that circumvent authentication, execute commands at the user level, and subsequently elevate privileges to root. Cisco assigned it a Critical rating via the Security Impact Rating (SIR), overriding the CVSS score due to root-level dangers.
No alternatives are available. Exploitation necessitates network access to the management interface, typical in enterprise VoIP configurations exposed through firewalls or VPNs.
Impacted Products
This vulnerability affects the following Cisco products irrespective of setup:
| Product | Bug ID |
|---|---|
| Unified CM | CSCwr21851 |
| Unified CM SME | CSCwr21851 |
| Unified CM IM&P | CSCwr29216 |
| Unity Connection | CSCwr29208 |
| Webex Calling Dedicated Instance | CSCwr21851 |
Patches and Updated Releases
Cisco has released updates and fixes. Transition or apply version-specific remedies; review patch READMEs.
Unified CM, IM&P, SME, Webex Calling
Unity Connection
PSIRT confirms only the releases listed.
Real-World Exploitation
Cisco PSIRT has observed active exploits targeting unpatched systems. Attackers likely utilize automated scanners to find exposed interfaces. Enterprises managing vulnerable VoIP/UC deployments are at considerable risk, particularly in hybrid work settings.
Implement patches without delay. Limit management interface access to trusted IPs via firewalls. Check logs for unusual HTTP requests. CISA added this vulnerability to the Known Exploited Vulnerabilities list soon.
An external researcher identified the flaw; Cisco acknowledged their contribution in the advisory. Remain alert: zero-day vulnerabilities such as CVE-2026-20045 highlight UC platform risks amidst increasing RCE activities.
“`