On 21 January 2026, Cisco released fixes for a high-severity vulnerability impacting Cisco Unified Communications products that is under active exploitation, tracked as CVE-2026-20045. The flaw arises from improper input validation of user-supplied data in HTTP requests to the web-based management interface of affected devices.?
An unauthenticated remote threat actor can exploit this vulnerability by sending a sequence of crafted HTTP requests, allowing the execution of arbitrary commands on the underlying operating system of unpatched devices. Successful exploitation can result in?initial?user-level access, which can then be escalated to root privileges, giving the?threat?actor full control of the affected system.?Details regarding real-world exploitation have not been publicly disclosed at this time.?The vulnerability was discovered by an external security researcher and responsibly?disclosed?to Cisco.?
While Arctic Wolf has not?identified?a publicly available proof-of-concept exploit, threat actors are likely to continue targeting this vulnerability due to the high impact of achieving root-level access. Cisco products have historically been popular targets for threat actors, as reflected in multiple prior entries within CISA¡¯s Known Exploited Vulnerabilities catalog.?
Recommendation for CVE?2026?20045
Upgrade to Latest Fixed Release
Arctic Wolf strongly recommends that customers upgrade to the latest fixed release.?
| Affected Product? | Affected Release? | Fixed Release? |
| Cisco Unified CM? |
|
|
| Unified CM IM&P? | ||
| Unified CM SME? | ||
| Webex Calling Dedicated Instance Release? | ||
| Unity Connection? |
Please follow your organisation’s patching and testing guidelines to minimise potential operational impact.?
