Tuesday , July 14 2026
ShinyHunters

CVE-2026-20045
Cisco discloses Unified Communications RCE zero day flaw exploited in attacks

Cisco revealed a zero-day RCE vulnerability, CVE-2026-20045, that is being actively exploited. The vulnerability in key Unified Communications products lets unauthenticated attackers execute arbitrary commands on the OS, risking root access.

This vulnerability is due to improper validation of user-supplied input in HTTP requests. An attacker could exploit this vulnerability by sending a sequence of crafted HTTP requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root.

Meta’s louisiana data center to exceed 250 billion price tag

Meta announced on Monday that its data center in Richland Parish, Louisiana, will grow to 5 gigawatts of computing power....
Read More
Meta’s louisiana data center to exceed 250 billion price tag

Ransomware Crisis in 2026: 5,064 Organizations Affected in 135 Countries

Global ransomware attacks stayed very high in the first seven months of 2026. There were 5,064 confirmed victims in 135...
Read More
Ransomware Crisis in 2026: 5,064 Organizations Affected in 135 Countries

Palo Alto Networks Addresses 13 Vulnerabilities

Palo Alto Networks shared warnings on Wednesday about over twelve security issues in its products. The new warnings include 13 security...
Read More
Palo Alto Networks Addresses 13 Vulnerabilities

Critical Dell BIOS & Zimbra Flaws Expose Enterprise Systems

A critical flaw with how Dell saves BIOS passwords lets anyone quickly recover these passwords from a flash dump without...
Read More
Critical Dell BIOS & Zimbra Flaws Expose Enterprise Systems

CoLoCity Launches New 1.0 MW Data Center Facility at Gulshan

CoLoCity is proud to launch a new Data Center in Gulshan-2. It is designed to meet the growing demand for...
Read More
CoLoCity Launches New 1.0 MW Data Center Facility at Gulshan

Daily Cyber security update for 10. 07. 2026

Cyberattacks are rising around the world, including ransomware, malware, data leaks, and hacked websites. These events show how complex and...
Read More
Daily Cyber security update for 10. 07. 2026

How Hacker Compromise AWS Cloud Environment Using AI in 72 Hours

A major AWS attack shows how attackers with AI can connect known cloud strategies to go from first access to...
Read More
How Hacker Compromise AWS Cloud Environment Using AI in 72 Hours

Mycelium Framework: First AI-as-a-Service Botnet

A new cybercrime ad is catching attention in the security world. It talks about a botnet that doesn't just get...
Read More
Mycelium Framework: First AI-as-a-Service Botnet

CrowdStrike Shows 5 New Prompt Injection Techniques for AI Agents

CrowdStrike has shared five new ways to inject prompts, showing the rising danger to AI agents as more organizations use...
Read More
CrowdStrike Shows 5 New Prompt Injection Techniques for AI Agents

Critical GCP Dialogflow Vulnerability Allows Malicious Code Injection

A critical flaw in Google Cloud Platform’s Dialogflow CX lets attackers add harmful code to a company's AI chatbot system....
Read More
Critical GCP Dialogflow Vulnerability Allows Malicious Code Injection

Affected Products:

This vulnerability impacts these Cisco products regardless of configuration:

Product Bug ID
Unified CM CSCwr21851
Unified CM SME CSCwr21851
Unified CM IM&P CSCwr29216
Unity Connection CSCwr29208
Webex Calling Dedicated Instance CSCwr21851

Products like Contact Center SIP Proxy, Unified CCE, and others are confirmed unaffected. Check the advisory for full details.

Fixed Releases and Patches:

Cisco released updates and patches. Migrate or apply version-specific fixes; consult patch READMEs.

Unified CM, IM&P, SME, Webex Calling

Release First Fixed Release
12.5 Migrate to fixed release
14 14SU5 or 14SU4a patch
15 15SU4 (Mar 2026) or 15SU2/3 patches

Unity Connection

Release First Fixed Release
12.5 Migrate to fixed release
14 14SU5 or 14SU4 patch
15 15SU4 (Mar 2026) or 15SU3 patch

PSIRT validates only listed releases.

Exploitation in the Wild:

Cisco PSIRT found active exploits affecting unpatched systems. Attackers probably use automated tools to search for exposed interfaces. Companies with vulnerable VoIP/UC systems are at considerable risk, particularly in hybrid work settings.

Apply patches right away. Limit the management interface to trusted IPs using firewalls. Keep an eye on logs for unusual HTTP requests. CISA has added this to the Known Exploited Vulnerabilities list.

Check Also

Tenda

CERT/CC Alerts to Hidden Admin Backdoor in Tenda Router Firmware

Several Tenda firmware versions have a hidden backdoor that lets people gain admin access to …