Cisco Releases Patches for Actively Exploited Zero-Day Vulnerability in Unified Communications Products

Cisco has released patches for a critical vulnerability affecting multiple Unified Communications (CM) and Webex Calling Dedicated Instance products, which has been actively exploited as a zero-day. The vulnerability, tracked as CVE-2026-20045 (CVSS score: 8.2), allows an unauthenticated remote attacker to execute arbitrary commands on affected systems. Cisco confirms that this flaw has been exploited in real-world attacks prior to the release of the patches.