Zero-Day Flaw in Cisco Unified Communications Being Targeted

Vendor Ships Emergency Fixes, Warning Flaw Facilitates Full System Compromise Mathew J. Schwartz (euroinfosec) • January 22, 2026

Hackers discovered a zero-day vulnerability in Cisco networking gear, a flaw the networking giant warns affects all its Unified Communications products and that facilitates remote code execution, risking full system compromise.

See Also: On-Demand | NYDFS MFA Compliance: Real-World Solutions for Financial Institutions

Cisco on Thursday warned that short of updating software with an emergency patch, no other mitigations or workarounds exist to address the flaw, tracked as CVE-2026-20045.

"This vulnerability is due to improper validation of user-supplied input in HTTP requests. An attacker could exploit this vulnerability by sending a sequence of crafted HTTP requests to the web-based management interface of an affected device," the alert says.

Cisco said hackers have attempted to exploit the vulnerability.

The U.S. Cybersecurity and Infrastructure Security Agency on Wednesday added CVE-2026-20045 to ...