Cisco has addressed a critical remote code execution vulnerability, CVE-2026-20045, exploited in active attacks, impacting multiple Unified Communications products. Urging urgent updates, Cisco and CISA highlight the severity of the flaw, which allows attackers to gain root access. #CVE-2026-20045 #CiscoUnifiedCommunications
Keypoints
- Cisco fixed a high-severity remote code execution vulnerability affecting several of its communication products.
- The flaw is due to improper validation of user input in HTTP requests, enabling attackers to gain root access.
- Exploit attempts have been observed in real-world attacks, prompting urgent patching recommendations.
- Cisco released specific software patches and urged users to review README files before applying updates.
- The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its KEV catalog with a remediation deadline of February 11, 2026.