Cisco Unified Communications RCE zero-day (CVE-2026-20045)
Vulnerability
Summary
Hide ▲
Show ▼
Cisco has fixed CVE-2026-20045, a critical RCE zero-day in Cisco Unified Communications and Webex Calling products that was actively exploited in attacks. The flaw affects Unified CM, SME, IM & Presence, Unity Connection, and Webex Calling Dedicated Instance, and successful exploitation can lead to root access. Cisco released version-specific patches, said there are no workarounds, and CISA added the CVE to the KEV Catalog with a February 11, 2026 deadline.
Related Happenings
Cisco Unified CM SSRF root-privilege flaw (CVE-2026-20230)
Vulnerability
H score49
First: 04.06.2026 14:09
Last: 04.06.2026 14:09
Sources 1
About this happening:
**CVE-2026-20230** exposes **Cisco Unified CM** systems with **WebDialer enabled** to remote **SSRF** abuse that can lead to **root-level compromise**. The flaw can be triggered w...
Cisco Unified CM SSRF root-privilege flaw (CVE-2026-20230)
VulnerabilityAbout this happening: **CVE-2026-20230** exposes **Cisco Unified CM** systems with **WebDialer enabled** to remote **SSRF** abuse that can lead to **root-level compromise**. The flaw can be triggered w...
Latest development: 26.06.2026 22:43
Cisco released a patch for CVE-2026-20230 in Cisco Unified Communications Manager Server and warned that the critical server-side request forgery flaw could be exploited remotely and without authentication via specially crafted HTTP requests.
PAN-OS GlobalProtect CVE-2026-0257 exploitation wave
Exploitation Wave
H score18
First: 01.06.2026 11:30
Last: 01.06.2026 11:30
Sources 1
About this happening:
A **CVE-2026-0257** exploitation wave is hitting **Palo Alto Networks PAN-OS GlobalProtect** appliances, creating **unauthorized VPN access** risk for **multiple customers**. **Ra...
PAN-OS GlobalProtect CVE-2026-0257 exploitation wave
Exploitation WaveAbout this happening: A **CVE-2026-0257** exploitation wave is hitting **Palo Alto Networks PAN-OS GlobalProtect** appliances, creating **unauthorized VPN access** risk for **multiple customers**. **Ra...
ChromaDB Python API exposure mitigation (CVE-2026-45829)
Advisory/Mitigation
H score25
First: 20.05.2026 01:25
Last: 20.05.2026 01:25
Sources 1
About this happening:
**HiddenLayer** urged **ChromaDB** users to harden exposed deployments because **CVE-2026-45829** can still enable code execution on the **Python FastAPI** server. Until patch sta...
ChromaDB Python API exposure mitigation (CVE-2026-45829)
Advisory/MitigationAbout this happening: **HiddenLayer** urged **ChromaDB** users to harden exposed deployments because **CVE-2026-45829** can still enable code execution on the **Python FastAPI** server. Until patch sta...
OpenDCIM multi-flaw exploitation wave (CVE-2026-28515, CVE-2026-28516, CVE-2026-28517)
Exploitation Wave
H score46
First: 17.05.2026 14:57
Last: 17.05.2026 14:57
Sources 1
About this happening:
**openDCIM** is seeing an **active exploitation wave** tied to **CVE-2026-28515**, **CVE-2026-28516**, and **CVE-2026-28517**, with attackers targeting vulnerable installations an...
OpenDCIM multi-flaw exploitation wave (CVE-2026-28515, CVE-2026-28516, CVE-2026-28517)
Exploitation WaveAbout this happening: **openDCIM** is seeing an **active exploitation wave** tied to **CVE-2026-28515**, **CVE-2026-28516**, and **CVE-2026-28517**, with attackers targeting vulnerable installations an...
Microsoft Exchange CVE-2026-42897 mitigation advisory
Advisory/Mitigation
H score44
First: 15.05.2026 12:40
Last: 15.05.2026 12:40
Sources 1
About this happening:
**Microsoft** issued immediate mitigation guidance for **CVE-2026-42897**, reducing risk for **Exchange Server 2016, 2019, and Subscription Edition (SE)** on-premises servers that...
Microsoft Exchange CVE-2026-42897 mitigation advisory
Advisory/MitigationAbout this happening: **Microsoft** issued immediate mitigation guidance for **CVE-2026-42897**, reducing risk for **Exchange Server 2016, 2019, and Subscription Edition (SE)** on-premises servers that...
Latest development: 15.05.2026 15:35
Microsoft issued temporary mitigation guidance for CVE-2026-42897 while a patch is still in development, recommending the Exchange Emergency Mitigation (EM) Service, which is enabled by default and can be checked with the Exchange Health Checker script, or the Exchange On-premises Mitigation Tool (EOMT) for disconnected or air-gapped environments. Microsoft noted that the mitigations can disrupt features such as OWA Print Calendar and Inline images, and that servers older than March 2023 cannot receive new mitigations through EM Service.
Timeline
-
22.01.2026 00:16 2 articles · 5mo ago
Cisco discloses and fixes CVE-2026-20045 zero-day
Initial DisclosureCisco fixed CVE-2026-20045, a critical remote code execution vulnerability in Cisco Unified Communications Manager (Unified CM), Unified CM Session Management Edition (SME), Unified CM IM & Presence, Cisco Unity Connection, and Webex Calling Dedicated Instance. Cisco's advisory says the flaw is caused by improper validation of user-supplied input in HTTP requests to the web-based management interface, and successful exploitation could let an attacker gain user-level access and then elevate privileges to root. Cisco says the issue has been actively exploited as a zero-day, released version-specific software updates and patch files, and stated that no workaround can mitigate the flaw without installing updates. CISA also added CVE-2026-20045 to the Known Exploited Vulnerabilities (KEV) Catalog and set February 11, 2026 as the update deadline for federal agencies.
Show sources
- Cisco fixes Unified Communications RCE zero day exploited in attacks — www.bleepingcomputer.com — 22.01.2026 00:16
- Cisco fixes Unified Communications RCE zero day exploited in attacks — www.bleepingcomputer.com — 22.01.2026 00:16