Actively exploited Cisco Unified Communications zero-day resolved

Fixes have been rolled out by Cisco to address a critical zero-day impacting its Unified Communications suite, tracked as CVE-2026-20045, amid ongoing exploitation, reports The Register.

Attackers could leverage the vulnerability which stems from the faulty HTTP handling of the web-based management interfaces of Cisco Unified CM, Session Management Edition, Cisco Unity Connection, IM & Presence Service, and Webex Calling Dedicated Instance platforms to achieve total system breaches, according to Cisco's Product Security Incident Response Team. More details on the extent of compromise and potential data theft from the exploitation, as well as the intrusions' perpetrators, have not been provided.

Such a development follows Cisco's release of updates to resolve a critical remote code execution flaw in Secure Email Gateway and Secure Email and Web Manager offerings, tracked as CVE-2025-20393, which has already been added to the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog.