RCE flaw in Cisco enterprise communications products probed by attackers (CVE-2026-20045)

Cisco has fixed a critical remote code execution vulnerability (CVE-2026-20045) in its unified communications solutions that is being exploited by attackers. The vulnerability stems from improper validation of user-supplied input in HTTP requests, allowing attackers to gain user-level access and potentially elevate privileges to root. Affected products include Cisco Unified Communications Manager, Session Management Edition, IM & Presence Service, Unity Connection, and Webex Calling Dedicated Instance. Cisco advises immediate remediation by upgrading to a fixed software release or applying a patch.