Cisco Releases Critical Security Update for Unified Communications Products

Cisco reports RCE vulnerability CVE-2026-20045 has had exploitation attempts in the wild

Threat ID:: CC-4738
Threat Severity:: High
Published:: 22 January 2026 4:48 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Cisco reports RCE vulnerability CVE-2026-20045 has had exploitation attempts in the wild

Affected platforms

The following platforms are known to be affected:

Cisco Unified Communications

Unified Communications Manager (Unified CM)
Unified Communications Manager Session Management Edition (Unified CM SME)
Unified Communications Manager IM & Presence Service (Unified CM IM&P)
Unity Connection
Webex Calling Dedicated Instance

Threat details

Exploitation attempts of CVE-2026-20045

Cisco is aware of attempted exploitation of this vulnerability in the wild. The NHS England National CSOC assesses further exploitation as likely.

Introduction

Cisco has released security updates to address a critical vulnerability in Unified Communications Manager (Unified CM), Unified Communications Manager Session Management Edition (Unified CM SME), Unified Communications Manager IM & Presence Service (Unified CM IM&P), Unity Connection, and Cisco Webex Calling Dedicated Instance.

CVE-2026-20045 – Unauthenticated Remote Code Execution (RCE) vulnerability – CVSSv3 score: 8.2

Note: Cisco has assigned this security advisory a Security Impact Rating (SIR) of Critical rather than High because exploitation of this vulnerability could result in an attacker elevating privileges to root.

Remediation advice

Affected organisations must review Cisco’s cisco-sa-voice-rce-mORhqY4b security advisory and apply the relevant update as soon as possible.

Note: Organisations running release version 12.5 of the Affected Platforms must migrate to a fixed release.

Remediation steps

Type	Step
Patch	Unified CM, Unified CM IM&P, Unified CM SME, and Webex Calling Dedicated Instance Organisations must apply the relevant update. Please note patches are version-specific; consult the README attached to the patch for details. Note: Organisations running release version 12.5 must migrate to a fixed release. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b
Patch	Unity Connection Organisations must apply the relevant update. Please note patches are version-specific; consult the README attached to the patch for details. Note: Organisations running release version 12.5 must migrate to a fixed release. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b

Type

Step

Patch

Unified CM, Unified CM IM&P, Unified CM SME, and Webex Calling Dedicated Instance

Organisations must apply the relevant update. Please note patches are version-specific; consult the README attached to the patch for details.

Note: Organisations running release version 12.5 must migrate to a fixed release.

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b

Patch

Unity Connection

Organisations must apply the relevant update. Please note patches are version-specific; consult the README attached to the patch for details.

Note: Organisations running release version 12.5 must migrate to a fixed release.

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b

Definitive source of threat updates

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b

CVE Vulnerabilities

Status Published

CVE-2026-20045

A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device.  This vulnerability is due to improper validation of user-supplied input in HTTP requests. An attacker could exploit this vulnerability by sending a sequence of crafted HTTP requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. Note: Cisco has assigned this security advisory a Security Impact Rating (SIR) of Critical rather than High as the score indicates. The reason is that exploitation of this vulnerability could result in an attacker elevating privileges to root.

Last edited: 22 January 2026 4:48 pm