**Cisco Fixes Actively Exploited Unified Communications Zero-Day Vulnerability**

Cisco has patched a critical zero-day remote code execution flaw (CVE-2026-20045) in its Unified Communications and Webex Calling products that is being actively exploited by attackers in the wild.

The vulnerability, which affects Cisco Unified CM, Unified CM SME, IM & Presence, Unity Connection, and Webex Calling Dedicated Instance, allows an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. The bug can be exploited by sending a sequence of crafted HTTP requests to the web-based management interface of an affected device.

"This vulnerability is due to improper validation of user-supplied input in HTTP requests," reads the advisory from Cisco. "An attacker could exploit this vulnerability by sending a sequence of crafted HTTP requests to the web-based management interface of an affected device."

A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root, granting them full control over the device.

The networking giant confirmed that there are no workarounds that address this vulnerability. "The Cisco PSIRT is aware of attempted exploitation of this vulnerability in the wild," the advisory states. "Cisco strongly recommends that customers upgrade to a fixed software release to remediate this vulnerability."

It's worth noting that this is not an isolated incident for Cisco. In early January, the company addressed another vulnerability, tracked as CVE-2026-20029 (CVSS score: 4.9), in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC). The vulnerability resides in the licensing feature of Cisco ISE and ISE-PIC due to improper XML parsing in the web management interface.

Attackers can exploit this vulnerability by uploading a malicious file, enabling the reading of arbitrary files on the underlying operating system that should not be accessible, even to administrators. This highlights the importance of keeping software up-to-date with the latest security patches and fixes.

Cisco has released version-specific patches for the affected products, which can be downloaded from their website. It's essential for customers to consult the README attached to each patch for detailed instructions on installation and configuration.

As always, it's crucial for organizations to stay vigilant and proactive in addressing potential security threats. Keeping software up-to-date, implementing robust security measures, and conducting regular security audits can help mitigate the risk of attacks and minimize downtime.

**Follow me on Twitter: @securityaffairs and Facebook and Mastodon**