SecurityWeek

Hackers Targeting Cisco Unified CM Zero-Day 

Cisco has released patches for CVE-2026-20045, a critical vulnerability that can be exploited for unauthenticated remote code execution.

Cisco on Wednesday announced patches for yet another zero-day vulnerability targeted by threat actors.

The flaw, tracked as CVE-2026-20045 and classified as critical, affects several of Cisco’s unified communications products, including Cisco Unified Communications Manager (CM) and its Session Management Edition (SME), Unified CM IM & Presence Service, Unity Connection, and Webex Calling Dedicated Instance.

According to Cisco, a remote, unauthenticated attacker can exploit CVE-2026-20045 to execute malicious commands on the underlying OS of the device.

The zero-day, reported to the vendor by unnamed external researchers, can be exploited by sending specially crafted HTTP requests to the targeted instance’s web-based management interface. 

“A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root,” Cisco explained.

There does not appear to be any public information on the attacks targeting CVE-2026-20045. Cisco noted in its advisory that it is “aware of attempted exploitation of this vulnerability in the wild”.

The cybersecurity-focused internet search engine Hunter is currently showing roughly 1,300 internet-exposed instances of Cisco Unified CM, nearly half in the United States.

The cybersecurity agency CISA has added CVE-2026-20045 to its Known Exploited Vulnerabilities (KEV) catalog, instructing federal agencies to address it by February 11. 

CISA’s KEV catalog currently includes roughly 80 Cisco product vulnerabilities exploited in the wild over the past decade. Eight Cisco flaws were added to the agency’s ‘must patch’ list in the past year. 

One of the most recent is CVE-2025-20393, a Secure Email Gateway issue that has been exploited in attacks by a China-linked APT. It took the networking giant several weeks to release patches after the public disclosure of the zero-day.

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
