Cisco Unified Communications and Webex Calling patch release for CVE-2026-20045
Security Patch Release
Summary
Hide ▲
Show ▼
Cisco released version-specific updates and patch files for CVE-2026-20045, a critical remote code execution flaw affecting Unified CM, SME, IM & Presence, Unity Connection, and Webex Calling Dedicated Instance. The patch release addresses a bug that can let an attacker move from user-level access to root on the underlying system. Cisco says there are no workarounds, and CISA has placed the CVE in its KEV Catalog with a February 11, 2026 remediation deadline for federal agencies.
Related Happenings
CISA adds CVE-2026-20262 to KEV and orders federal fixes
Public Sector Action
H score32
First: 16.06.2026 09:05
Last: 16.06.2026 09:05
Sources 1
About this happening:
**CISA** added **CVE-2026-20262** to its **Known Exploited Vulnerabilities (KEV) catalog** and required **Federal Civilian Executive Branch (FCEB)** agencies to apply Cisco's fixe...
CISA adds CVE-2026-20262 to KEV and orders federal fixes
Public Sector ActionAbout this happening: **CISA** added **CVE-2026-20262** to its **Known Exploited Vulnerabilities (KEV) catalog** and required **Federal Civilian Executive Branch (FCEB)** agencies to apply Cisco's fixe...
CISA KEV mitigation for LiteSpeed cPanel Plugin (CVE-2026-54420)
Advisory/Mitigation
H score38
First: 16.06.2026 08:41
Last: 16.06.2026 08:41
Sources 1
About this happening:
CISA put **CVE-2026-54420** in **LiteSpeed cPanel Plugin** on the **KEV catalog**, ordering **FCEB agencies** to apply fixes by **June 18, 2026**. The flaw is a **CVSS 8.5 privile...
CISA KEV mitigation for LiteSpeed cPanel Plugin (CVE-2026-54420)
Advisory/MitigationAbout this happening: CISA put **CVE-2026-54420** in **LiteSpeed cPanel Plugin** on the **KEV catalog**, ordering **FCEB agencies** to apply fixes by **June 18, 2026**. The flaw is a **CVSS 8.5 privile...
Cisco security patch release for CVE-2026-20262
Security Patch Release
H score47
First: 15.06.2026 20:12
Last: 15.06.2026 20:12
Sources 1
About this happening:
**Cisco** released **security updates** for **CVE-2026-20262** in **Catalyst SD-WAN Manager**, covering multiple release trains after the zero-day was exploited to reach **root pr...
Cisco security patch release for CVE-2026-20262
Security Patch ReleaseAbout this happening: **Cisco** released **security updates** for **CVE-2026-20262** in **Catalyst SD-WAN Manager**, covering multiple release trains after the zero-day was exploited to reach **root pr...
LiteLLM endpoint-hardening patch release (CVE-2026-42271)
Security Patch Release
H score59
First: 09.06.2026 09:26
Last: 09.06.2026 09:26
Sources 1
About this happening:
BerriAI released **LiteLLM 1.83.7**, hardening access to the vulnerable **MCP test endpoints** that accepted full server configurations. The update now requires the **PROXY_ADMIN*...
LiteLLM endpoint-hardening patch release (CVE-2026-42271)
Security Patch ReleaseAbout this happening: BerriAI released **LiteLLM 1.83.7**, hardening access to the vulnerable **MCP test endpoints** that accepted full server configurations. The update now requires the **PROXY_ADMIN*...
SolarWinds security patch release for CVE-2026-28318
Security Patch Release
H score82
First: 05.06.2026 22:15
Last: 05.06.2026 22:15
Sources 1
About this happening:
SolarWinds released **Serv-U 15.5.4 Hotfix 1** for **CVE-2026-28318**, an **actively exploited** denial-of-service flaw that can crash exposed **Serv-U** servers. The update fixes...
SolarWinds security patch release for CVE-2026-28318
Security Patch ReleaseAbout this happening: SolarWinds released **Serv-U 15.5.4 Hotfix 1** for **CVE-2026-28318**, an **actively exploited** denial-of-service flaw that can crash exposed **Serv-U** servers. The update fixes...
Timeline
-
22.01.2026 00:16 2 articles · 5mo ago
Cisco releases fixes for CVE-2026-20045
Mitigation Patch UpdateCisco fixed CVE-2026-20045, a critical remote code execution flaw affecting Cisco Unified Communications Manager (Unified CM), Unified CM Session Management Edition (SME), Unified CM IM & Presence, Cisco Unity Connection, and Webex Calling Dedicated Instance. The bug stems from improper validation of user-supplied input in HTTP requests, and successful exploitation could let an attacker obtain user-level access and then elevate privileges to root; Cisco said attempts were observed in the wild, released version-specific updates and patch files, noted that no workaround exists without installing updates, and CISA added the CVE to its Known Exploited Vulnerabilities (KEV) Catalog with a February 11, 2026 deadline for federal agencies.
Show sources
- Cisco fixes Unified Communications RCE zero day exploited in attacks — www.bleepingcomputer.com — 22.01.2026 00:16
- Cisco fixes Unified Communications RCE zero day exploited in attacks — www.bleepingcomputer.com — 22.01.2026 00:16