Skip to main content

Cisco SystemsCisco zero-day vulnerability (CVE-2026-20045) actively exploited in wild before patch released

On January 21, 2026, Cisco disclosed a critical code injection vulnerability (CVE-2026-20045, CVSS 8.2) affecting Unified Communications Manager, Webex Calling, and related products that was actively exploited as a zero-day before a patch was available. The vulnerability allowed attackers to send crafted HTTP requests to obtain user-level access to the underlying operating system and escalate privileges to root. Cisco's PSIRT was aware of attempted exploitation in the wild. The U.S. CISA added the vulnerability to its Known Exploited Vulnerabilities catalog and gave federal agencies until February 11, 2026 to deploy updates. The zero-day status indicates attackers discovered the vulnerability before Cisco's security teams, representing a failure to identify and remediate critical vulnerabilities before exploitation.

Scoring Impact

TopicDirectionRelevanceContribution
Consumer Protection-againstsecondary-0.50
Data Security-againstprimary-1.00
Overall incident score =-0.383

Score = avg(topic contributions) × significance (high ×1.5) × confidence (0.68)× agency (negligent ×0.5)

Evidence (2 signals)

Confirms product_decision Jan 21, 2026 verified

Cisco disclosed CVE-2026-20045 critical vulnerability with CVSS 8.2 actively exploited as zero-day

Cisco disclosed a critical code injection vulnerability (CVE-2026-20045) with CVSS score of 8.2 affecting Unified Communications Manager, Webex Calling Dedicated Instance, and related products. The vulnerability stemmed from improper validation of user-supplied input in HTTP requests, allowing attackers to obtain user-level access and escalate to root privileges. Cisco's Product Security Incident Response Team (PSIRT) was aware of attempted exploitation in the wild, confirming zero-day status. No workarounds were available, requiring immediate patches.

BleepingComputer(opens in new tab),SOC Prime(opens in new tab)
Confirms Legal Action Jan 21, 2026 verified

CISA added CVE-2026-20045 to Known Exploited Vulnerabilities catalog with Feb 11 federal deadline

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Cisco's CVE-2026-20045 to its Known Exploited Vulnerabilities (KEV) Catalog, designating it as a confirmed actively exploited vulnerability requiring urgent remediation. CISA gave federal agencies until February 11, 2026 to deploy updates. Inclusion in the KEV catalog signifies that the vulnerability poses significant risk to federal enterprise and is being actively exploited in real-world attacks.

Help Net Security(opens in new tab)

Related: Same Topics

Bhavish Aggarwal · Engaged in heated public feud with comedian over customer complaints, stock dropped 8%
Ola Electric · India's CCPA issued show cause notice after over 80,000 consumer complaints about EV quality
Zepto · Accused of charging iPhone users up to 5x more than Android users for identical products
Zepto · India's CCPA fined Zepto ₹7 lakh for using dark patterns including drip pricing and basket sneaking
Microsoft · Microsoft committed to expand right-to-repair options following shareholder pressure