Vulnerabilities

Hackers Targeting Cisco Unified CM Zero-Day

Cisco has released patches for CVE-2026-20045, a critical vulnerability that can be exploited for unauthenticated remote code execution.

Eduard Kovacs

Published

January 22, 2026

Cisco vulnerability exploited

Cisco on Wednesday announced patches for yet another zero-day vulnerability targeted by threat actors.

The flaw, tracked as CVE-2026-20045 and classified as critical, affects several of Cisco’s unified communications products, including Cisco Unified Communications Manager (CM) and its Session Management Edition (SME), Unified CM IM & Presence Service, Unity Connection, and Webex Calling Dedicated Instance.

According to Cisco, a remote, unauthenticated attacker can exploit CVE-2026-20045 to execute malicious commands on the underlying OS of the device.

The zero-day, reported to the vendor by unnamed external researchers, can be exploited by sending specially crafted HTTP requests to the targeted instance’s web-based management interface.

“A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root,” Cisco explained.

There does not appear to be any public information on the attacks targeting CVE-2026-20045. Cisco noted in its advisory that it is “aware of attempted exploitation of this vulnerability in the wild”.

Advertisement. Scroll to continue reading.

The cybersecurity-focused internet search engine Hunter is currently showing roughly 1,300 internet-exposed instances of Cisco Unified CM, nearly half in the United States.

The cybersecurity agency CISA has added CVE-2026-20045 to its Known Exploited Vulnerabilities (KEV) catalog, instructing federal agencies to address it by February 11.

CISA’s KEV catalog currently includes roughly 80 Cisco product vulnerabilities exploited in the wild over the past decade. Eight Cisco flaws were added to the agency’s ‘must patch’ list in the past year.

One of the most recent is CVE-2025-20393, a Secure Email Gateway issue that has been exploited in attacks by a China-linked APT. It took the networking giant several weeks to release patches after the public disclosure of the zero-day.