Cisco Unified CM Zero-Day Under Attack

Hackers are actively exploiting a Cisco Unified CM zero-day vulnerability that allows remote code execution without authentication, prompting the company to release an urgent security fix. Identified as CVE-2026-20045, the flaw affects Cisco’s communication platform and poses a critical risk to organizations relying on the software for enterprise connectivity.

The company issued patches to address the issue and urged immediate implementation to mitigate potential threats. Attackers can leverage the flaw to take full control of vulnerable systems remotely, raising major concerns for enterprises using unpatched servers.

Cisco did not disclose how many customers could be affected, but the severity of the vulnerability suggests widespread exposure. Security teams are advised to prioritize patch deployment to prevent further exploitation as malicious actors continue targeting high-value communications systems.

The Cisco Unified CM zero-day alerts organizations to a growing trend of targeted attacks on core IT infrastructure. Read the full report for complete details:

https://www.securityweek.com/hackers-targeting-cisco-unified-cm-zero-day/