Cisco Confirms Active Exploitation of New Zero-Day Vulnerability in HTTP Web Services (CVE-2026-20045)

Cisco published an advisory on January 21 confirming that the vulnerability CVE-2026-20045 is being actively exploited. This is an improper input validation vulnerability in the HTTP request handler that allows unauthenticated attackers to crash devices or potentially execute arbitrary code. The CISA has already added this vulnerability to the KEV (Known Exploited Vulnerabilities) catalog with a deadline of February 11 for federal agencies to apply patches.