Cisco released emergency software updates for a critical Remote Code Execution (RCE) vulnerability in its Unified Communications products. The flaw, cataloged as CVE-2026-20045, stems from improper validation of user-supplied input in HTTP requests. The vulnerability is confirmed to be under active exploitation.
The U.S. cybersecurity agency added the issue to its Known Exploited Vulnerabilities (KEV) Catalog. Customers must apply the patches immediately to mitigate the risk of potential breaches and protect networks from ongoing attacks.