Another week, another emergency patch as Cisco plugs Unified Comms zero-day
Article Date: 2026-01-22T10:54:36+00:00
Summary
Cisco has released an emergency patch for a critical zero-day vulnerability (CVE-2026-20045) affecting the web-management interfaces of several Unified Communications products: Unified Communications Manager (Unified CM), Session Management Edition (SME), IM & Presence Service (IM&P), Cisco Unity Connection, and Webex Calling Dedicated Instance. The flaw allows unauthenticated remote attackers to execute arbitrary code on the underlying operating system and potentially escalate to root. Cisco rates the issue as Critical and warns of exploitation in the wild; CISA has added it to its Known Exploited Vulnerabilities list.
Key Points
- Vulnerability: CVE-2026-20045 — improper validation of user-supplied input in HTTP requests to the web-management interface.
- Affected products include Unified CM, SME, IM&P, Unity Connection and Webex Calling Dedicated Instance.
- Allows unauthenticated remote code execution and potential root escalation; Cisco labels it Critical despite a CVSS base in the High range.
- Exploitation is occurring in the wild and CISA has added the flaw to its Known Exploited Vulnerabilities list.
- No workaround published by Cisco — administrators must apply vendor patches immediately.
- Part of a string of recent emergency fixes from Cisco, highlighting ongoing issues in management-plane code.
Context and relevance
Voice and unified-communications infrastructure often sits on internal networks or behind VPNs, but those management interfaces are still routinely reachable and attractive targets for attackers. With exploitation already observed and federal guidance from CISA, organisations running the affected Cisco software face a short window to patch before being compromised. This incident follows other recent Cisco emergency patches, suggesting attackers are actively probing management interfaces across products.
Author style
Punchy: This isn’t a garden-variety bug — it’s an unauthenticated RCE in management interfaces, weaponised in the wild. If you’re responsible for Cisco voice or Webex stacks, drop what you’re doing and patch.
Why should I read this?
Short version: patch now. If you run any of the affected Cisco Unified Comms kit, this flaw can let strangers take over your boxes without logging in. No workaround, active exploitation, and CISA breathing down your neck — we’ve saved you the hassle of combing the advisory: apply the fixes ASAP.