Cisco Patches Critical Zero-Day Flaw Already Being Exploited in the Wild

Cisco patches critical zero-day vulnerability affecting 30M users, targeted by state-sponsored attackers, with full system compromise risk.

By Content Team

Jan 24, 2026

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

Cisco rushed to patch a critical zero-day vulnerability in its Unified Communications Manager after discovering attackers were already exploiting it. The flaw, CVE-2026-20045, affects products used by 30 million people for voice, video, and collaboration services.

Attackers can exploit the vulnerability by sending crafted HTTP requests to gain user-level access, then escalate to root privileges for complete system control. The vulnerability scored 8.2 on the CVSS scale but received Cisco's highest "critical" rating due to the potential for full system compromise.

CISA added the flaw to its Known Exploited Vulnerabilities catalog, and security researchers detected signs of mass scanning for vulnerable systems. This continues a troubling pattern of Cisco products being targeted by threat actors, particularly Chinese state-sponsored groups.

Source: Dark Reading

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

PSNI Officers' Names Appear Again on Court Website After 2023 Data Breach

Feb 12, 2026

Critical WinRAR Vulnerability Under Active Attack by Russian, Chinese, and Criminal Groups

Jan 29, 2026

FortiGate Firewalls Under Automated Attack Since January 15

Jan 26, 2026

Chinese-Linked Hackers Target South Asian Infrastructure with Advanced Malware Arsenal

Jan 11, 2026