
CVE-2026-20045: Exploited Unauthenticated Remote Code Execution Vulnerability in Cisco Unified Communications Products


On 21 January 2026, Cisco released fixes for a high-severity vulnerability impacting Cisco Unified Communications products that is under active exploitation, tracked as CVE-2026-20045. The flaw arises from improper input validation of user-supplied data in HTTP requests to the web-based management interface of affected devices. 

An unauthenticated remote threat actor can exploit this vulnerability by sending a sequence of crafted HTTP requests, allowing the execution of arbitrary commands on the underlying operating system of unpatched devices. Successful exploitation can result in initial user-level access, which can then be escalated to root privileges, giving the threat actor full control of the affected system. Details regarding real-world exploitation have not been publicly disclosed at this time. The vulnerability was discovered by an external security researcher and responsibly disclosed to Cisco. 

While Arctic Wolf has not identified a publicly available proof-of-concept exploit, threat actors are likely to continue targeting this vulnerability due to the high impact of achieving root-level access. Cisco products have historically been popular targets for threat actors, as reflected in multiple prior entries within CISA’s Known Exploited Vulnerabilities catalog. 

Recommendation for CVE-2026-20045

Upgrade to Latest Fixed Release

Arctic Wolf strongly recommends that customers upgrade to the latest fixed release. 

Affected Product
  • Cisco Unified CM
  • Unified CM IM&P
  • Unified CM SME
  • Webex Calling Dedicated Instance Release
  • Unity Connection

Affected Release: Fixed Release
  • 12.5: Migrate to fixed release.
  • 14: 14SU5 or apply patch file from advisory.
  • 15: 15SU4 (Mar 2026) or apply patch file from advisory.

 

Please follow your organisation’s patching and testing guidelines to minimise potential operational impact. 
