CVE-2026-20045: Cisco Unified Communications Products Code Injection

Cisco Unified Communications Products Code Injection Vulnerability. Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance contain a code injection vulnerability that could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root.

• CISA KEV-listed (remediation due 2026-02-11)
• EPSS 3.0% (86.9% percentile)

Browse the CVE database

Read the full analysis on IntelFusions