EXPLOITED zero-day CVE-2026-20045, a remote code execution flaw in Cisco’s Unified Communications products, has been exploited in the wild, Cisco disclosed and patched the vulnerability for UCM and related offerings. Cisco said UCM has 30 million users, meaning the potential impact could be vast across enterprises deploying IP-based voice, video, conferencing and collaboration.
According to CISA, CVE-2026-20045 has been added to the Known Exploited Vulnerabilities catalog, though it remains unknown whether it has been used in ransomware attacks. A sign of ongoing activity comes from SOCRadar, which noted signs of mass scanning for vulnerable instances and unauthenticated HTTP access being abused to gain a foothold.
Dark Reading also reports that the threat intelligence firms and Arctic Wolf Labs warned the flaw is likely to attract attention due to its high impact, with Cisco PSIRT saying it is aware of attempted exploitation in the wild and urging customers to update to fixed software; the publication notes Cisco did not respond to comment requests by press time.