CVE-2026-20045

ENISA EUVD: EUVD-2026-3600 ↗
Exploited in the Wild ✓ Confirmed 0-Day
Triaged: March 5, 2026 3 articles Published: 2026-01-21
VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23
3.93%
probability
This CVE has a 3.93% probability of being exploited in the next 30 days.
0% Top 88.5th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)
8.2
HIGH
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
Low
Availability
None
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Description

VulnerabilityLookup (CNA)
A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device.  This vulnerability is due to improper validation of user-supplied input in HTTP requests. An attacker could exploit this vulnerability by sending a sequence of crafted HTTP requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root.  Note: Cisco has assigned this security advisory a Security Impact Rating (SIR) of Critical rather than High as the score indicates. The reason is that exploitation of this vulnerability could result in an attacker elevating privileges to root.

Affected Products

Cisco
Cisco Unified Communications Manager
12.5(1)SU2 12.5(1)SU1 12.5(1) 12.5(1)SU3 12.5(1)SU4 14
Cisco
Cisco Unified Communications Manager IM and Presence Service
12.5(1) 12.5(1)SU1 12.5(1)SU2 12.5(1)SU3 12.5(1)SU4 14
Cisco
Cisco Unity Connection
12.5(1) 12.5(1)SU1 12.5(1)SU2 12.5(1)SU3 12.5(1)SU4 14

Attack Intelligence

Signal Intelligence

Confidence
85%
EPSS 3.93%
CVSS v3.1 8.2
Mentions 3
Last Seen Jan 26, 2026

CNA Information

CNA Assigner
cisco
CNA Title
Cisco Unified Communications Products Remote Code Execution Vulnerability

Analyst Note

TheHackerNews explicitly states CVE-2026-20045 was 'actively exploited as a zero-day in the wild' and that 'Cisco has released fresh patches' to address it, indicating exploitation preceded or coincided with patch availability. BleepingComputer corroborates with 'zero day exploited in attacks' language. Clear zero-day signals present despite limited metadata.

Threat Actors 4

APT 28
apt_group Information theft and espionage 🇷🇺 RU
TAG-28
apt_group Information theft and espionage 🇨🇳 CN
Roaming Tiger
apt_group Information theft and espionage 🇨🇳 CN
White Bear
apt_group Information theft and espionage 🇷🇺 RU

Triage Info

Decided atMar 05, 2026
Published DateJan 21, 2026