Cisco has patched a serious remote code execution vulnerability (CVE-2026-20045) in its Unified Communications and Webex Calling products, which has been actively exploited in attacks. The flaw allows attackers to gain elevated access on affected systems through crafted HTTP requests. Users are urged to update their software as there are no effective workarounds.

Cisco has announced a critical vulnerability, tracked as CVE-2025-20337, in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that allows unauthenticated remote attackers to gain root access through arbitrary code execution. The vulnerability has a maximum CVSS score of 10, and Cisco has released patches to address it along with related vulnerabilities disclosed in June. Customers are urged to upgrade to the latest software versions to mitigate the risk.