Hackers Targeting Cisco Unified CM Zero-Day


Cisco has released patches for CVE-2026-20045, a critical vulnerability that can be exploited for unauthenticated remote code execution.

Cisco on Wednesday announced patches for yet another zero-day vulnerability targeted by threat actors.

The flaw, tracked as CVE-2026-20045 and classified as critical, affects several of Cisco’s unified communications products, including Cisco Unified Communications Manager (CM) and its Session Management Edition (SME), Unified CM IM & Presence Service, Unity Connection, and Webex Calling Dedicated Instance.

According to Cisco, a remote, unauthenticated attacker can exploit CVE-2026-20045 to execute malicious commands on the underlying OS of the device.

The zero-day, reported to the vendor by unnamed external researchers, can be exploited by sending specially crafted HTTP requests to the targeted instance’s web-based management interface.

“A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root,” Cisco explained.

There does not appear ...


Copyright of this story solely belongs to SecurityWeek.