
A critical zero-day remote code execution (RCE) vulnerability, identified as CVE-2026-20045, has been discovered by Cisco and is being actively exploited. Cisco has urged immediate patching, and its Product Security Incident Response Team (PSIRT) has confirmed that attempts to exploit this vulnerability have occurred.
Cisco PSIRT has detected exploits targeting unpatched systems. Attackers are likely using automated scanners to identify exposed interfaces. Organizations using vulnerable VoIP/UC deployments must quickly update their infrastructure to avoid falling victim to attackers.
The bug affects major Unified Communications solutions and allows unauthenticated attackers to issue arbitrary commands on the underlying operating system, potentially gaining administrator privileges. This vulnerability affects the following Cisco products, regardless of device configuration:
No alternatives have been identified. Exploitation requires network access to the management interface, which is common in corporate VoIP configurations exposed through firewalls or VPNs.
The issue, Cisco reports in its advisory, stems from improper validation of user-supplied input in HTTP requests to the web-based management interface. An attacker sends crafted HTTP requests that bypass authentication, execute user-level commands, and then elevate privileges to root. Cisco has classified the issue as Critical under its Security Impact Rating (SIR), setting aside the CVSS score because of the root-level risks.
Cisco has confirmed that this vulnerability does not affect the following Cisco products:
CISA soon added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.
