Vulnerability-Lookup

WID-SEC-W-2026-0192

Vulnerability from csaf_certbund - Published: 2026-01-21 23:00 - Updated: 2026-01-21 23:00

Summary

Cisco Unified Communications Manager, Unified Communications Manager IM & Presence Service und Unity Connection: Schwachstelle ermöglicht Codeausführung

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Der Cisco Unified Communications Manager (CUCM, ehemals CallManager) dient zur Gesprächsvermittlung in IP-Telefonie-Netzen. Der Cisco Unified Communications Manager (CUCM) (ehemals CallManager) dient zur Gesprächsvermittlung in IP-Telefonie-Netzen. Cisco Unity Connection ist ein umfangreiches Voicemail und Integrated-Messaging- Produkt. Mit Cisco Unity Connection können Benutzer mit dem Cisco Unified Personal Communicator auf ihre Sprachnachrichten zugreifen, das Display ihres Cisco Unified IP-Telefons nutzen, um Sprachnachrichten anzuzeigen, zu sortieren und wiederzugeben, und sogar die Sprachsteuerung von Cisco Unity Connection verwenden, um auf Cisco Unified MeetingPlace Express Meetings zuzugreifen.

Angriff: Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Cisco Unified Communications Manager (CUCM), Cisco Unified Communications Manager IM & Presence Service und Cisco Unity Connection ausnutzen, um beliebigen Programmcode auszuführen.

Betroffene Betriebssysteme: - Sonstiges

CVE-2026-20045

Affected products

Known affected 6 products

Product	Identifier	Version	Remediation
Cisco Unity Connection <14SU5 Cisco / Unity Connection		<14SU5
Cisco Unified Communications Manager IM & Presence Service <15SU4 Cisco / Unified Communications Manager IM & Presence Service		<15SU4
Cisco Unity Connection <15SU4 Cisco / Unity Connection		<15SU4
Cisco Unified Communications Manager (CUCM) <14SU5 Cisco / Unified Communications Manager (CUCM)		<14SU5
Cisco Unified Communications Manager IM & Presence Service <14SU5 Cisco / Unified Communications Manager IM & Presence Service		<14SU5
Cisco Unified Communications Manager (CUCM) <15SU4 Cisco / Unified Communications Manager (CUCM)		<15SU4

References

3 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://sec.cloudapps.cisco.com/security/center/c…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Der Cisco Unified Communications Manager (CUCM, ehemals CallManager) dient zur Gespr\u00e4chsvermittlung in IP-Telefonie-Netzen.\r\nDer Cisco Unified Communications Manager (CUCM) (ehemals CallManager) dient zur Gespr\u00e4chsvermittlung in IP-Telefonie-Netzen.\r\nCisco Unity Connection ist ein umfangreiches Voicemail und Integrated-Messaging- Produkt. Mit Cisco Unity Connection k\u00f6nnen Benutzer mit dem Cisco Unified Personal Communicator auf ihre Sprachnachrichten zugreifen, das Display ihres Cisco Unified IP-Telefons nutzen, um Sprachnachrichten anzuzeigen, zu sortieren und wiederzugeben, und sogar die Sprachsteuerung von Cisco Unity Connection verwenden, um auf Cisco Unified MeetingPlace Express Meetings zuzugreifen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Cisco Unified Communications Manager (CUCM), Cisco Unified Communications Manager IM \u0026 Presence Service und Cisco Unity Connection ausnutzen, um beliebigen Programmcode auszuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-0192 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0192.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-0192 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0192"
      },
      {
        "category": "external",
        "summary": "Cisco Security Advisory vom 2026-01-21",
        "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b"
      }
    ],
    "source_lang": "en-US",
    "title": "Cisco Unified Communications Manager, Unified Communications Manager IM \u0026 Presence Service und Unity Connection: Schwachstelle erm\u00f6glicht Codeausf\u00fchrung",
    "tracking": {
      "current_release_date": "2026-01-21T23:00:00.000+00:00",
      "generator": {
        "date": "2026-01-22T10:39:09.908+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2026-0192",
      "initial_release_date": "2026-01-21T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-01-21T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c14SU5",
                "product": {
                  "name": "Cisco Unified Communications Manager (CUCM) \u003c14SU5",
                  "product_id": "T050253"
                }
              },
              {
                "category": "product_version",
                "name": "14SU5",
                "product": {
                  "name": "Cisco Unified Communications Manager (CUCM) 14SU5",
                  "product_id": "T050253-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:cisco:unified_communications_manager:14su5"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c15SU4",
                "product": {
                  "name": "Cisco Unified Communications Manager (CUCM) \u003c15SU4",
                  "product_id": "T050254"
                }
              },
              {
                "category": "product_version",
                "name": "15SU4",
                "product": {
                  "name": "Cisco Unified Communications Manager (CUCM) 15SU4",
                  "product_id": "T050254-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:cisco:unified_communications_manager:15su4"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Unified Communications Manager (CUCM)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c14SU5",
                "product": {
                  "name": "Cisco Unified Communications Manager IM \u0026 Presence Service \u003c14SU5",
                  "product_id": "T050255"
                }
              },
              {
                "category": "product_version",
                "name": "14SU5",
                "product": {
                  "name": "Cisco Unified Communications Manager IM \u0026 Presence Service 14SU5",
                  "product_id": "T050255-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:cisco:unified_communications_manager_im_and_presence_service:14su5"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c15SU4",
                "product": {
                  "name": "Cisco Unified Communications Manager IM \u0026 Presence Service \u003c15SU4",
                  "product_id": "T050256"
                }
              },
              {
                "category": "product_version",
                "name": "15SU4",
                "product": {
                  "name": "Cisco Unified Communications Manager IM \u0026 Presence Service 15SU4",
                  "product_id": "T050256-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:cisco:unified_communications_manager_im_and_presence_service:15su4"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Unified Communications Manager IM \u0026 Presence Service"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c14SU5",
                "product": {
                  "name": "Cisco Unity Connection \u003c14SU5",
                  "product_id": "T050257"
                }
              },
              {
                "category": "product_version",
                "name": "14SU5",
                "product": {
                  "name": "Cisco Unity Connection 14SU5",
                  "product_id": "T050257-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:cisco:unity_connection:14su5"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c15SU4",
                "product": {
                  "name": "Cisco Unity Connection \u003c15SU4",
                  "product_id": "T050258"
                }
              },
              {
                "category": "product_version",
                "name": "15SU4",
                "product": {
                  "name": "Cisco Unity Connection 15SU4",
                  "product_id": "T050258-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:cisco:unity_connection:15su4"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Unity Connection"
          }
        ],
        "category": "vendor",
        "name": "Cisco"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-20045",
      "product_status": {
        "known_affected": [
          "T050257",
          "T050256",
          "T050258",
          "T050253",
          "T050255",
          "T050254"
        ]
      },
      "release_date": "2026-01-21T23:00:00.000+00:00",
      "title": "CVE-2026-20045"
    }
  ]
}

CVE-2026-20045 (GCVE-0-2026-20045)

Vulnerability from cvelistv5 – Published: 2026-01-21 16:26 – Updated: 2026-02-26 14:44

Title

Cisco Unified Communications Products Remote Code Execution Vulnerability

Summary

A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device.  This vulnerability is due to improper validation of user-supplied input in HTTP requests. An attacker could exploit this vulnerability by sending a sequence of crafted HTTP requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root.  Note: Cisco has assigned this security advisory a Security Impact Rating (SIR) of Critical rather than High as the score indicates. The reason is that exploitation of this vulnerability could result in an attacker elevating privileges to root.

Severity

8.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

SSVC

Exploitation: active Automatable: yes Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-94 - Improper Control of Generation of Code ('Code Injection')

Assigner

cisco

References

2 references

URL	Tags
https://sec.cloudapps.cisco.com/security/center/c…
https://www.cisa.gov/known-exploited-vulnerabilit…	government-resource

Impacted products

3 products

Vendor	Product	Version
Cisco	Cisco Unified Communications Manager	Affected: 12.5(1)SU2 Affected: 12.5(1)SU1 Affected: 12.5(1) Affected: 12.5(1)SU3 Affected: 12.5(1)SU4 Affected: 14 Affected: 12.5(1)SU5 Affected: 14SU1 Affected: 12.5(1)SU6 Affected: 14SU2 Affected: 12.5(1)SU7 Affected: 12.5(1)SU7a Affected: 14SU3 Affected: 12.5(1)SU8 Affected: 12.5(1)SU8a Affected: 15 Affected: 15SU1 Affected: 14SU4 Affected: 14SU4a Affected: 15SU1a Affected: 12.5(1)SU9 Affected: 15SU2 Affected: 15.0.1.13010-1 Affected: 15.0.1.13011-1 Affected: 15.0.1.13012-1 Affected: 15.0.1.13013-1 Affected: 15.0.1.13014-1 Affected: 15.0.1.13015-1 Affected: 15.0.1.13016-1 Affected: 15.0.1.13017-1 Affected: 15SU3a
Cisco	Cisco Unified Communications Manager IM and Presence Service	Affected: 12.5(1) Affected: 12.5(1)SU1 Affected: 12.5(1)SU2 Affected: 12.5(1)SU3 Affected: 12.5(1)SU4 Affected: 14 Affected: 12.5(1)SU5 Affected: 14SU1 Affected: 12.5(1)SU6 Affected: 14SU2 Affected: 14SU2a Affected: 12.5(1)SU7 Affected: 14SU3 Affected: 12.5(1)SU8 Affected: 15 Affected: 15SU1 Affected: 14SU4 Affected: 12.5(1)SU9 Affected: 15SU2 Affected: 15SU3
Cisco	Cisco Unity Connection	Affected: 12.5(1) Affected: 12.5(1)SU1 Affected: 12.5(1)SU2 Affected: 12.5(1)SU3 Affected: 12.5(1)SU4 Affected: 14 Affected: 12.5(1)SU5 Affected: 14SU1 Affected: 12.5(1)SU6 Affected: 14SU2 Affected: 12.5(1)SU7 Affected: 14SU3 Affected: 12.5(1)SU8 Affected: 14SU3a Affected: 12.5(1)SU8a Affected: 15 Affected: 15SU1 Affected: 14SU4 Affected: 12.5(1)SU9 Affected: 15SU2 Affected: 15SU3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-20045",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-22T04:55:44.107919Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2026-01-21",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20045"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T14:44:34.950Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20045"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2026-01-21T00:00:00.000Z",
            "value": "CVE-2026-20045 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco Unified Communications Manager",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "12.5(1)SU2"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU1"
            },
            {
              "status": "affected",
              "version": "12.5(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU3"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU4"
            },
            {
              "status": "affected",
              "version": "14"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU5"
            },
            {
              "status": "affected",
              "version": "14SU1"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU6"
            },
            {
              "status": "affected",
              "version": "14SU2"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU7"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU7a"
            },
            {
              "status": "affected",
              "version": "14SU3"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU8"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU8a"
            },
            {
              "status": "affected",
              "version": "15"
            },
            {
              "status": "affected",
              "version": "15SU1"
            },
            {
              "status": "affected",
              "version": "14SU4"
            },
            {
              "status": "affected",
              "version": "14SU4a"
            },
            {
              "status": "affected",
              "version": "15SU1a"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU9"
            },
            {
              "status": "affected",
              "version": "15SU2"
            },
            {
              "status": "affected",
              "version": "15.0.1.13010-1"
            },
            {
              "status": "affected",
              "version": "15.0.1.13011-1"
            },
            {
              "status": "affected",
              "version": "15.0.1.13012-1"
            },
            {
              "status": "affected",
              "version": "15.0.1.13013-1"
            },
            {
              "status": "affected",
              "version": "15.0.1.13014-1"
            },
            {
              "status": "affected",
              "version": "15.0.1.13015-1"
            },
            {
              "status": "affected",
              "version": "15.0.1.13016-1"
            },
            {
              "status": "affected",
              "version": "15.0.1.13017-1"
            },
            {
              "status": "affected",
              "version": "15SU3a"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Cisco Unified Communications Manager IM and Presence Service",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "12.5(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU1"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU2"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU3"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU4"
            },
            {
              "status": "affected",
              "version": "14"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU5"
            },
            {
              "status": "affected",
              "version": "14SU1"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU6"
            },
            {
              "status": "affected",
              "version": "14SU2"
            },
            {
              "status": "affected",
              "version": "14SU2a"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU7"
            },
            {
              "status": "affected",
              "version": "14SU3"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU8"
            },
            {
              "status": "affected",
              "version": "15"
            },
            {
              "status": "affected",
              "version": "15SU1"
            },
            {
              "status": "affected",
              "version": "14SU4"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU9"
            },
            {
              "status": "affected",
              "version": "15SU2"
            },
            {
              "status": "affected",
              "version": "15SU3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Cisco Unity Connection",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "12.5(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU1"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU2"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU3"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU4"
            },
            {
              "status": "affected",
              "version": "14"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU5"
            },
            {
              "status": "affected",
              "version": "14SU1"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU6"
            },
            {
              "status": "affected",
              "version": "14SU2"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU7"
            },
            {
              "status": "affected",
              "version": "14SU3"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU8"
            },
            {
              "status": "affected",
              "version": "14SU3a"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU8a"
            },
            {
              "status": "affected",
              "version": "15"
            },
            {
              "status": "affected",
              "version": "15SU1"
            },
            {
              "status": "affected",
              "version": "14SU4"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU9"
            },
            {
              "status": "affected",
              "version": "15SU2"
            },
            {
              "status": "affected",
              "version": "15SU3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P), Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device.\u0026nbsp;\r\n\r\nThis vulnerability is due to improper validation of user-supplied input in HTTP requests. An attacker could exploit this vulnerability by sending a sequence of crafted HTTP requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root.\u0026nbsp;\r\nNote: Cisco has assigned this security advisory a Security Impact Rating (SIR) of Critical rather than High as the score indicates. The reason is that exploitation of this vulnerability could result in an attacker elevating privileges to root."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is aware of attempted exploitation of this vulnerability in the wild. Cisco strongly recommends that customers upgrade to a fixed software release to remediate this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-13T20:33:31.808Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-voice-rce-mORhqY4b",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b"
        }
      ],
      "source": {
        "advisory": "cisco-sa-voice-rce-mORhqY4b",
        "defects": [
          "CSCwr21851"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Cisco Unified Communications Products Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2026-20045",
    "datePublished": "2026-01-21T16:26:20.312Z",
    "dateReserved": "2025-10-08T11:59:15.354Z",
    "dateUpdated": "2026-02-26T14:44:34.950Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2026-0192

CVE-2026-20045 (GCVE-0-2026-20045)

Tags

Sightings

Nomenclature