---
title: "CISA Warns of Actively Exploited Cisco Vulnerability: Patch Now"
short_title: "CISA adds critical Cisco vulnerability to KEV catalog"
description: "CISA has added CVE-2026-20045, a code injection flaw in Cisco Unified Communications, to its KEV catalog. Federal agencies and organizations urged to patch immediately."
author: "Vitus"
date: 2025-01-24
categories: [Cybersecurity, Vulnerabilities]
tags: [cisa, cve-2026-20045, cybersecurity, vulnerability-management, code-injection]
score: 0.85
cve_ids: [CVE-2026-20045]
---
TL;DR
CISA has added CVE-2026-20045, a critical code injection vulnerability in Cisco Unified Communications products, to its Known Exploited Vulnerabilities (KEV) Catalog due to evidence of active exploitation. Federal agencies must remediate this flaw by the specified deadline, while all organizations are urged to prioritize patching to mitigate risks.
---
Main Content
The Cybersecurity and Infrastructure Security Agency (CISA) has escalated its response to an actively exploited vulnerability in Cisco Unified Communications products, adding it to the Known Exploited Vulnerabilities (KEV) Catalog. The flaw, tracked as CVE-2026-20045, poses a significant risk to federal agencies and enterprises worldwide, as threat actors are already leveraging it to compromise systems.
Key Points
- CVE-2026-20045 is a code injection vulnerability in Cisco Unified Communications products, enabling attackers to execute arbitrary commands on affected systems.
- CISA’s Binding Operational Directive (BOD) 22-01 mandates that Federal Civilian Executive Branch (FCEB) agencies remediate this vulnerability by the specified due date to protect against active threats.
- While BOD 22-01 applies only to federal agencies, CISA strongly recommends that all organizations prioritize patching this vulnerability to reduce exposure to cyberattacks.
- The KEV Catalog serves as a living list of vulnerabilities that carry significant risk, and CISA will continue to update it based on emerging threats.
---
Technical Details
CVE-2026-20045 is a code injection vulnerability that affects Cisco Unified Communications products. This type of flaw allows attackers to inject and execute malicious code on vulnerable systems, potentially leading to unauthorized access, data breaches, or further compromise of network infrastructure.
- Affected Systems: Cisco Unified Communications Manager (CallManager), Cisco Unity Connection, and other related products.
- Exploitation Vector: Attackers can exploit this vulnerability remotely by sending crafted requests to the affected system.
- Severity: While Cisco has not yet released a CVSS score, the active exploitation and inclusion in CISA’s KEV Catalog indicate a high-severity risk.
---
Impact Assessment
The inclusion of CVE-2026-20045 in CISA’s KEV Catalog underscores its critical nature and the immediate threat it poses to organizations. Key implications include:
- Federal Agencies: FCEB agencies are required to patch this vulnerability by the deadline specified in BOD 22-01 to comply with federal cybersecurity regulations.
- Enterprises and Organizations: Non-federal entities, including private sector companies, are at risk of targeted attacks if they fail to remediate this flaw. Exploitation could lead to data theft, operational disruption, or lateral movement within networks.
- Threat Landscape: The active exploitation of this vulnerability highlights the growing trend of threat actors targeting unified communications systems, which are often critical to business operations.
---
Mitigation Steps
To protect against CVE-2026-20045, organizations should take the following actions:
1. Apply Patches: Cisco has released patches to address this vulnerability. Organizations should immediately apply the latest updates to affected systems.
2. Monitor for Exploitation: Deploy intrusion detection systems (IDS) and security information and event management (SIEM) tools to detect signs of exploitation.
3. Restrict Access: Limit access to Cisco Unified Communications products to trusted networks and users only.
4. Review CISA Guidance: Refer to CISA’s [BOD 22-01 Fact Sheet](https://www.cisa.gov/sites/default/files/publications/Reducing_the_Significant_Risk_of_Known_Exploited_Vulnerabilities_211103.pdf) for additional recommendations on managing known exploited vulnerabilities.
---
Conclusion
The addition of CVE-2026-20045 to CISA’s Known Exploited Vulnerabilities Catalog serves as a critical reminder of the importance of proactive vulnerability management. Federal agencies must act swiftly to comply with BOD 22-01, while all organizations should prioritize patching this flaw to mitigate the risk of cyberattacks. As threat actors continue to target unified communications systems, staying vigilant and adhering to best practices in cybersecurity is essential to safeguarding critical infrastructure.
---
References
[^1]: CISA. "[CISA Adds One Known Exploited Vulnerability to Catalog](https://www.cisa.gov/news-events/alerts/2026/01/21/cisa-adds-one-known-exploited-vulnerability-catalog)". Retrieved 2025-01-24.
[^2]: CVE. "[CVE-2026-20045 Detail](https://www.cve.org/CVERecord?id=CVE-2026-20045)". Retrieved 2025-01-24.
[^3]: CISA. "[Binding Operational Directive 22-01](https://www.cisa.gov/binding-operational-directive-22-01)". Retrieved 2025-01-24.