Exploited Zero-Day Flaw in Cisco UC Could Affect Millions

A zero-day vulnerability affecting a range of Cisco's unified communications products has been exploited by threat actors, though details of the activity are unclear.

Cisco on Wednesday disclosed and patched CVE-2026-20045, a remote code execution (RCE) vulnerability in Cisco's Unified Communications Manager (UCM) as well as other products. Cisco has 30 million users for UCM, which provides IP-based voice, video, conferencing, and collaboration for enterprises, so the potential impact could be vast.

According to Cisco's advisory, the flaw stems from improper validation of user-supplied input in HTTP requests: "An attacker could exploit this vulnerability by sending a sequence of crafted HTTP requests to the web-based management interface of an affected device," the advisory stated. "A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root."

While the vulnerability received a high-severity CVSS score of 8.2, Cisco said it assigned CVE-2026-20045 a proprietary Security Impact Rating (SIR) of critical because of the potential for attackers to achieve root privileges and gain full control over targeted systems.

The zero-day vulnerability also impacts Cisco's Unified Communications Manager Session Management Edition (UCM SME), Unified Communications Manager IM & Presence Service (UCM IM&P), Unity Connection, and Webex Calling Dedicated Instance. The networking giant credited an anonymous "external researcher" with the discovery of the RCE flaw.

Cisco Zero-Day Under Attack, But From Where?

Cisco said in the advisory that its Product Security Incident Response Team (PSIRT) "is aware of attempted exploitation of this vulnerability in the wild," and strongly urged customers to update their software to a fixed version.

The US Cybersecurity and Infrastructure Security Agency (CISA) also added CVE-2026-20045 to its Known Exploited Vulnerabilities (KEV) catalog on Wednesday. The KEV listing stated that it's unknown if the vulnerability has been exploited in ransomware attacks.

Dark Reading contacted Cisco for comment, but the company did not respond by press time.
