Find notable cyber news and cases, enriched with sources, timelines, and signals.

Cisco Unified Communications and Webex Calling patch release for CVE-2026-20045

Security Patch Release
First reported
Last updated
Happening score
H score 40
1 unique sources, 1 articles

Summary

Hide ▲

Cisco released version-specific updates and patch files for CVE-2026-20045, a critical remote code execution flaw affecting Unified CM, SME, IM & Presence, Unity Connection, and Webex Calling Dedicated Instance. The patch release addresses a bug that can let an attacker move from user-level access to root on the underlying system. Cisco says there are no workarounds, and CISA has placed the CVE in its KEV Catalog with a February 11, 2026 remediation deadline for federal agencies.

Related Happenings

CISA adds CVE-2026-20262 to KEV and orders federal fixes

Public Sector Action
H score32 First: 16.06.2026 09:05 Last: 16.06.2026 09:05 Sources 1

About this happening: **CISA** added **CVE-2026-20262** to its **Known Exploited Vulnerabilities (KEV) catalog** and required **Federal Civilian Executive Branch (FCEB)** agencies to apply Cisco's fixe...

CISA KEV mitigation for LiteSpeed cPanel Plugin (CVE-2026-54420)

Advisory/Mitigation
H score38 First: 16.06.2026 08:41 Last: 16.06.2026 08:41 Sources 1

About this happening: CISA put **CVE-2026-54420** in **LiteSpeed cPanel Plugin** on the **KEV catalog**, ordering **FCEB agencies** to apply fixes by **June 18, 2026**. The flaw is a **CVSS 8.5 privile...

Cisco security patch release for CVE-2026-20262

Security Patch Release
H score47 First: 15.06.2026 20:12 Last: 15.06.2026 20:12 Sources 1

About this happening: **Cisco** released **security updates** for **CVE-2026-20262** in **Catalyst SD-WAN Manager**, covering multiple release trains after the zero-day was exploited to reach **root pr...

LiteLLM endpoint-hardening patch release (CVE-2026-42271)

Security Patch Release
H score59 First: 09.06.2026 09:26 Last: 09.06.2026 09:26 Sources 1

About this happening: BerriAI released **LiteLLM 1.83.7**, hardening access to the vulnerable **MCP test endpoints** that accepted full server configurations. The update now requires the **PROXY_ADMIN*...

SolarWinds security patch release for CVE-2026-28318

Security Patch Release
H score82 First: 05.06.2026 22:15 Last: 05.06.2026 22:15 Sources 1

About this happening: SolarWinds released **Serv-U 15.5.4 Hotfix 1** for **CVE-2026-28318**, an **actively exploited** denial-of-service flaw that can crash exposed **Serv-U** servers. The update fixes...

Timeline

  1. 22.01.2026 00:16 2 articles · 5mo ago

    Cisco releases fixes for CVE-2026-20045

    Mitigation Patch Update

    Cisco fixed CVE-2026-20045, a critical remote code execution flaw affecting Cisco Unified Communications Manager (Unified CM), Unified CM Session Management Edition (SME), Unified CM IM & Presence, Cisco Unity Connection, and Webex Calling Dedicated Instance. The bug stems from improper validation of user-supplied input in HTTP requests, and successful exploitation could let an attacker obtain user-level access and then elevate privileges to root; Cisco said attempts were observed in the wild, released version-specific updates and patch files, noted that no workaround exists without installing updates, and CISA added the CVE to its Known Exploited Vulnerabilities (KEV) Catalog with a February 11, 2026 deadline for federal agencies.

    Show sources