Hackers Targeting Cisco Unified CM Zero-Day - SecurityWeek

Cisco on Wednesday announced patches for yet another zero-day vulnerability targeted by threat actors. The flaw, tracked as CVE-2026-20045 and classified as critical, affects several of Cisco’s unified communications products, including Cisco Unified Communications Manager (CM) and its Session Management Edition (SME), Unified CM IM & Presence Service, Unity Connection, and Webex Calling Dedicated Instance. According to Cisco, a remote, unauthenticated attacker can exploit CVE-2026-20045 to execute malicious commands on the underlying OS of the device. The zero-day, reported to the vendor by unnamed external researchers, can be exploited by sending specially crafted HTTP requests to the targeted instance’s web-based management interface.  “A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root,” Cisco explained. There does not appear to be any public information on the attacks targeting CVE-2026-20045. Cisco noted in its advisory that it is “aware of attempted exploitation of this vulnerability in the wild”. The cybersecurity-focused internet search engine Hunter is currently showing roughly 1,300 internet-exposed instances of Cisco Unified CM, nearly half in the United States. The cybersecurity agency CISA has added CVE-2026-20045 to its Known Exploited Vulnerabilities (KEV) catalog, instructing federal agencies to address it by February 11.  CISA’s KEV catalog currently includes roughly 80 Cisco product vulnerabilities exploited in the wild over the past decade. Eight Cisco flaws were added to the agency’s ‘must patch’ list in the past year.  One of the most recent is CVE-2025-20393, a Secure Email Gateway issue that has been exploited in attacks by a China-linked APT. It took the networking giant several weeks to release patches after the public disclosure of the zero-day. Related: Hackers Target Cisco Smart Licensing Utility Vulnerabilities Related: Cisco Routers Hacked for Rootkit Deployment Related: Cisco Firewall Zero-Days Exploited in China-Linked ArcaneDoor Attacks WRITTEN BY Eduard Kovacs Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering. More from Eduard Kovacs $3.6 Million Stolen in Bitcoin Depot Hack Data Leakage Vulnerability Patched in OpenSSL Massachusetts Hospital Diverts Ambulances as Cyberattack Causes Disruption  US Disrupts Russian Espionage Operation Involving Hacked Routers and DNS Hijacking Severe StrongBox Vulnerability Patched in Android GPUBreach: Root Shell Access Achieved via GPU Rowhammer Attack  White House Seeks to Slash CISA Funding by $707 Million Wynn Resorts Says 21,000 Employees Affected by ShinyHunters Hack Latest News Apple Intelligence AI Guardrails Bypassed in New Attack Can we Trust AI? No – But Eventually We Must Google API Keys in Android Apps Expose Gemini Endpoints to Unauthorized Access Palo Alto Networks, SonicWall Patch High-Severity Vulnerabilities The Hidden ROI of Visibility: Better Decisions, Better Behavior, Better Security Google Warns of New Campaign Targeting BPOs to Steal Corporate Data Adobe Reader Zero-Day Exploited for Months: Researcher 300,000 People Impacted by Eurail Data Breach Trending Webinar: Securing Fragile OT In An Exposed World March 10, 2026 Get a candid look at the current OT threat landscape as we move past "doom and gloom" to discuss the mechanics of modern OT exposure. Register Webinar: Why Automated Pentesting Alone Is Not Enough April 7, 2026 Join our live diagnostic session to expose hidden coverage gaps and shift from flawed tool-level evaluations to a comprehensive, program-level validation discipline. Register People on the Move John Clancy has become Chief Executive Officer at Bitsight. Halcyon has appointed Dave Hannigan as Field Chief Information Security Officer. Pamela McLeod has been named as CISO of the state of New Hampshire. More People On The Move Expert Insights The Hidden ROI Of Visibility: Better Decisions, Better Behavior, Better Security Beyond monitoring and compliance, visibility acts as a powerful deterrent, shaping user behavior, improving collaboration, and enabling more accurate, data-driven security decisions. (Joshua Goldfarb) The New Rules Of Engagement: Matching Agentic Attack Speed The cybersecurity response to AI-enabled nation-state threats cannot be incremental. It must be architectural. (Nadir Izrael) The Next Cybersecurity Crisis Isn’t Breaches—It’s Data You Can’t Trust Data integrity shouldn’t be seen only through the prism of a technical concern but also as a leadership issue. (Steve Durbin) Why Agentic AI Systems Need Better Governance – Lessons From OpenClaw Agentic AI platforms are shifting from passive recommendation tools to autonomous action-takers with real system access, (Etay Maor) The Human IOC: Why Security Professionals Struggle With Social Vetting Applying SOC-level rigor to the rumors, politics, and 'human intel' can make or break a security team. (Joshua Goldfarb) Flipboard Reddit Whatsapp Email