Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Cisco fixed actively exploited Unified Communications zero day

Cisco patched a critical zero-day RCE flaw (CVE-2026-20045) in Unified Communications and Webex Calling that is actively exploited in the wild. Cisco patched a critical zero-day remote code execution flaw, tracked as CVE-2026-20045 (CVSS score of 8.2), actively exploited in attacks. An unauthenticated, remote attacker can exploit the flaw to execute arbitrary commands on the […]

Cisco Catalyst

Cisco patched a critical zero-day RCE flaw (CVE-2026-20045) in Unified Communications and Webex Calling that is actively exploited in the wild.

Cisco patched a critical zero-day remote code execution flaw, tracked as CVE-2026-20045 (CVSS score of 8.2), actively exploited in attacks.

An unauthenticated, remote attacker can exploit the flaw to execute arbitrary commands on the underlying operating system of an affected device.

The bug affected Cisco Unified CM, Unified CM SME, IM & Presence, Unity Connection, and Webex Calling Dedicated Instance.

“This vulnerability is due to improper validation of user-supplied input in HTTP requests. An attacker could exploit this vulnerability by sending a sequence of crafted HTTP requests to the web-based management interface of an affected device.” reads the advisory. “A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root.”

Below are impacted versions:

Unified CM, Unified CM IM&P, Unified CM SME, and Webex Calling Dedicated Instance

Cisco Unified CM, Unified CM IM&P, Unified CM SME, and Webex Calling Dedicated Instance ReleaseFirst Fixed Release
12.5Migrate to a fixed release.
1414SU5 or apply patch file:1
ciscocm.V14SU4a_CSCwr21851_remote_code_v1.cop.sha512
1515SU4 (Mar 2026) or apply patch file:1
ciscocm.V15SU2_CSCwr21851_remote_code_v1.cop.sha512
ciscocm.V15SU3_CSCwr21851_remote_code_v1.cop.sha512

1. Patches are version-specific. Consult the README attached to the patch for details.

Unity Connection

Cisco Unity Connection ReleaseFirst Fixed Release
12.5Migrate to a fixed release.
1414SU5 or apply patch file:1
ciscocm.cuc.CSCwr29208_C0266-1.cop.sha512
1515SU4 (Mar 2026) or apply patch file:1
ciscocm.cuc.CSCwr29208_C0266-1.cop.sha512

1. Patches are version-specific. Consult the README attached to the patch for details.

The networking giant confirmed that there are no workarounds that address this vulnerability.

“The Cisco PSIRT is aware of attempted exploitation of this vulnerability in the wild. Cisco strongly recommends that customers upgrade to a fixed software release to remediate this vulnerability.” concludes the advisory.

Early January, Cisco addressed a medium-severity vulnerability, tracked as CVE-2026-20029 (CVSS score: 4.9), in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) after a public PoC exploit was disclosed.

The vulnerability resides in the licensing feature of Cisco ISE and ISE-PIC due to improper XML parsing in the web management interface. An authenticated remote attacker with administrative privileges could exploit it by uploading a malicious file, enabling the reading of arbitrary files on the underlying operating system that should not be accessible, even to administrators.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, CVE-2026-20045)