Cisco has patched a serious remote code execution vulnerability, identified as CVE-2026-20045, affecting several of its Unified Communications products, including Unified Communications Manager and Webex Calling. This flaw allows attackers to exploit the system by sending specially crafted HTTP requests, potentially gaining user-level access and escalating privileges to root. The vulnerability has a CVSS score of 8.2, prompting Cisco to classify it with Critical severity due to the significant risk it poses. Cisco has released specific updates and patch files for various software versions. For Unified CM, versions 12.5, 14, and 15 are affected, with required upgrades or patches outlined for each release. Similarly, Cisco Unity Connection has the same version requirements. Users need to consult the README files for each patch to ensure compatibility and effectiveness. Cisco’s Product Security Incident Response Team (PSIRT) has confirmed that exploitation attempts have been detected, urging users to update their systems promptly. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has included this vulnerability in its Known Exploited Vulnerabilities Catalog, mandating federal agencies to implement updates by February 11, 2026. This urgency reflects broader concerns about cybersecurity, especially as Cisco addresses other vulnerabilities, including recent issues in its Identity Services Engine and AsyncOS.