Record summary
A quick snapshot of what this page covers.
CISA KEVyesWhether CISA lists this as exploited.
Techniques0AI attack methods connected to this vulnerability.
Case studies0Examples where this vulnerability is mentioned.
Vulnerability status
How serious this vulnerability is and whether it is known to be exploited.
CISA KEV
- CVE ID
- CVE-2026-20045
- Vendor/project
- Cisco
- Product
- Unified Communications Manager
- Vulnerability name
- Cisco Unified Communications Products Code Injection Vulnerability
- Date added
- 2026-01-21
- Due date
- 2026-02-11
- Known ransomware campaign use
- Unknown
CWE-94
Exploit context
What the vulnerability is about.
Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance contain a code injection vulnerability that could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root.
Source
Where this page information comes from.
Original source
Original source links
Open the public records and source datasets used for this page.