Cisco Unified Communications and Webex Calling patch release for CVE-2026-20045
Security Patch Release
Summary
Hide ▲
Show ▼
Cisco released version-specific updates and patch files for CVE-2026-20045, a critical remote code execution flaw affecting Unified CM, SME, IM & Presence, Unity Connection, and Webex Calling Dedicated Instance. The patch release addresses a bug that can let an attacker move from user-level access to root on the underlying system. Cisco says there are no workarounds, and CISA has placed the CVE in its KEV Catalog with a February 11, 2026 remediation deadline for federal agencies.
Related Happenings
TrendAI Trend Micro’s enterprise business security patch release for CVE-2026-34926
Security Patch Release
First: 22.05.2026 11:19
Last: 22.05.2026 11:19
Sources 1
About this happening:
**TrendAI** released **Apex One** security updates after confirming a **zero-day** had been **exploited in the wild**, leaving **on-premises installations** at risk until patched....
TrendAI Trend Micro’s enterprise business security patch release for CVE-2026-34926
Security Patch ReleaseAbout this happening: **TrendAI** released **Apex One** security updates after confirming a **zero-day** had been **exploited in the wild**, leaving **on-premises installations** at risk until patched....
Cisco Secure Workload REST API patch release (CVE-2026-20223)
Security Patch Release
First: 22.05.2026 08:36
Last: 22.05.2026 08:36
Sources 1
About this happening:
Cisco patched **CVE-2026-20223**, a **CVSS 10.0** Secure Workload REST API flaw that could expose sensitive data and allow configuration changes across tenant boundaries. The upda...
Cisco Secure Workload REST API patch release (CVE-2026-20223)
Security Patch ReleaseAbout this happening: Cisco patched **CVE-2026-20223**, a **CVSS 10.0** Secure Workload REST API flaw that could expose sensitive data and allow configuration changes across tenant boundaries. The upda...
Cisco ThousandEyes and Nexus security patches
Security Patch Release
First: 21.05.2026 15:04
Last: 21.05.2026 15:04
Sources 1
About this happening:
Cisco released patches for **three medium-severity vulnerabilities** affecting **ThousandEyes Virtual Appliance**, **ThousandEyes Enterprise Agent**, and **Nexus 3000/9000 switche...
Cisco ThousandEyes and Nexus security patches
Security Patch ReleaseAbout this happening: Cisco released patches for **three medium-severity vulnerabilities** affecting **ThousandEyes Virtual Appliance**, **ThousandEyes Enterprise Agent**, and **Nexus 3000/9000 switche...
Ivanti security patch release for CVE-2026-8043
Security Patch Release
First: 18.05.2026 13:54
Last: 18.05.2026 13:54
Sources 1
About this happening:
**Ivanti, Fortinet, SAP, Broadcom, and n8n** released **security fixes** on **2026-05-18** for flaws that could enable **authentication bypass**, **remote code execution**, **SQL...
Ivanti security patch release for CVE-2026-8043
Security Patch ReleaseAbout this happening: **Ivanti, Fortinet, SAP, Broadcom, and n8n** released **security fixes** on **2026-05-18** for flaws that could enable **authentication bypass**, **remote code execution**, **SQL...
Cisco security patch release for CVE-2026-20182
Security Patch Release
First: 14.05.2026 20:45
Last: 14.05.2026 20:45
Sources 1
About this happening:
Cisco released **updates** for **CVE-2026-20182**, a **maximum-severity authentication bypass** in **Catalyst SD-WAN Controller/Manager**, after the flaw was **exploited in limite...
Cisco security patch release for CVE-2026-20182
Security Patch ReleaseAbout this happening: Cisco released **updates** for **CVE-2026-20182**, a **maximum-severity authentication bypass** in **Catalyst SD-WAN Controller/Manager**, after the flaw was **exploited in limite...
Timeline
-
22.01.2026 00:16 2 articles · 4mo ago
Cisco releases fixes for CVE-2026-20045
Mitigation Patch UpdateCisco fixed CVE-2026-20045, a critical remote code execution flaw affecting Cisco Unified Communications Manager (Unified CM), Unified CM Session Management Edition (SME), Unified CM IM & Presence, Cisco Unity Connection, and Webex Calling Dedicated Instance. The bug stems from improper validation of user-supplied input in HTTP requests, and successful exploitation could let an attacker obtain user-level access and then elevate privileges to root; Cisco said attempts were observed in the wild, released version-specific updates and patch files, noted that no workaround exists without installing updates, and CISA added the CVE to its Known Exploited Vulnerabilities (KEV) Catalog with a February 11, 2026 deadline for federal agencies.
Show sources
- Cisco fixes Unified Communications RCE zero day exploited in attacks — www.bleepingcomputer.com — 22.01.2026 00:16
- Cisco fixes Unified Communications RCE zero day exploited in attacks — www.bleepingcomputer.com — 22.01.2026 00:16