Alerts
High Severity Vulnerability in Cisco Products
23 January 2026
Cisco has released security updates to address a high severity vulnerability in their products. Users and administrators of affected products are advised to update to the latest version immediately.
Background
Cisco has released security updates to address a high severity vulnerability (CVE-2026-20045) in their Unified Communications Manager (Unified CM), Unified CM Session Management Edition (SME), Unified CM IM & Presence, Unity Connection, and Webex Calling Dedicated Instance.
Impact
Successful exploitation of the vulnerability could allow an unauthenticated attacker to send maliciously crafted HTTP requests to the vulnerable product, gaining user-level access and potentially escalating to root privileges.
Affected Products
The vulnerability affects the following product versions:
Cisco Unified CM version 12.5, 14 and 15
Cisco Unified CM SME version 12.5, 14 and 15
Cisco Unified CM IM&P version 12.5, 14 and 15
Cisco Unity Connection version 12.5, 14 and 15
Cisco Webex Calling Dedicated Instance version 12.5, 14 and 15
Known Exploitation
The vulnerability is reportedly being exploited in the wild.
Mitigation
Users and administrators of affected products are advised to update to the latest version immediately.
References