A serious security flaw has been found in Cisco’s unified communications products, and hackers are already taking advantage of it. Cisco has released security patches to fix the issue, which could allow attackers to run malicious code remotely. The US Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities catalog, confirming that active exploitation is happening in real-world scenarios.

Details About the Vulnerability

The flaw is identified as CVE-2026-20045 and affects several Cisco products, including Cisco Unified Communications Manager, Unity Connection, and Webex Calling Dedicated Instance. Despite a CVSS score of 8.2, Cisco classifies this as a “Critical” severity issue. The reason for this high rating is that an attacker could gain root-level access without any user interaction, making it extremely dangerous.

The vulnerability involves improper validation of user input in HTTP requests. Essentially, malicious actors can send crafted web requests to the management interface of affected devices. If successful, they can bypass security checks and gain access to the underlying operating system, then escalate privileges to the highest level. This could allow an attacker to take full control of the device.

Active Exploitation and Risks

CISA’s inclusion of this vulnerability in its KEV (Known Exploited Vulnerabilities) catalog confirms that hackers are actively exploiting it. This is a notable development because it signals a real threat rather than a hypothetical risk. Cisco’s security team has also acknowledged that there have been attempts to exploit this flaw in the wild, emphasizing the urgency for organizations to act quickly.

The attack does not require any user interaction and can be carried out remotely by unauthenticated attackers. This means that internet-facing systems are especially at risk. If successful, an attacker could gain full control of the device, possibly leading to data theft, service disruption, or further network intrusion. The severity of this vulnerability underscores the importance of applying patches as soon as possible.

It’s also worth noting that other Cisco collaboration products, such as Contact Center Enterprise and Emergency Responder, are not affected by this flaw. This helps narrow down the scope of the risk for organizations using specific Cisco solutions.

What Organizations Should Do

There are currently no workarounds or mitigations available for this vulnerability, which makes patching essential. Cisco has released updates tailored to different product versions. For example, organizations using Cisco Unified Communications Manager, IM&P, SME, or Webex Calling on version 14 should upgrade to version 14SU5 or apply specific patches. Those on version 15 can apply patches for 15SU2 and 15SU3a, with a full release of version 15SU4 expected in March 2026.

Similarly, Unity Connection administrators are advised to update their systems according to Cisco’s guidance. The company recommends that all affected users prioritize applying these patches to prevent potential exploitation. Since no workarounds are available, timely patching is the only way to mitigate this serious threat.

Organizations relying on Cisco unified communications products should review their security posture immediately. Ensuring that all affected systems are patched will significantly reduce the risk of falling victim to this active attack. Staying vigilant and acting quickly can make the difference between a secure network and a costly security breach.

Inspired by

• https://www.computerworld.com/article/4120764/critical-cisco-uc-bug-actively-exploited.html

Sources

• cisco.com
• cisa.gov
• csoonline.com