CVE-2026-20045 - PatchNow

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2026-01-21

Added to CISA KEV: 2026-01-21 0 DAY BETWEEN CVE AND KEV

CRITICAL: Immediately check for indicators of compromise - Cisco confirms active exploitation attempts. Review web server logs for unusual HTTP request patterns, verify system integrity, and check for unauthorized access or privilege escalation
Apply security patches immediately - Cisco has assigned Critical SIR rating due to root privilege escalation potential
Implement network segmentation to restrict management interface access to trusted networks only
Monitor web management interface access logs for suspicious crafted HTTP request sequences
HIGHEST patch priority - actively exploited critical infrastructure vulnerability

Regarding CVE-2026-20045, here's what is known about its exploitation:

Internet-facing applications or services: The vulnerability affects the web-based management interface of affected devices. ^[2]
Evidence of active exploitation in the wild: There is no explicit mention of active exploitation in the wild in the provided information.
Attack vectors and exploitation methods: An attacker can exploit this vulnerability by sending a sequence of crafted HTTP requests to the web-based management interface. ^[2]
Use in targeted attacks: The provided information does not specify if this vulnerability has been used in targeted attacks.
CISA Known Exploited Vulnerabilities status: CVE-2026-20045 is not listed on the CISA Known Exploited Vulnerabilities Catalog based on the provided search results. ^[3]
Technical details about internet exploitability: The exploit involves sending crafted HTTP requests to the management interface. A successful exploitation could allow an attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. ^[1] The vulnerability has a Security Impact Rating (SIR) of Critical due to the potential for privilege escalation to root. ^[1]

Cisco Unified Communications Products Remote Code Execution...
An attacker could exploit this vulnerability by sending a sequence of crafted HTTP requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. N…
CVE-2026-20045 - High Vulnerability - TheHackerWire
An attacker could exploit this vulnerability by sending a sequence of crafted HTTP requests to the web-based management interface of an affected ...
Known Exploited Vulnerabilities Catalog
CVE-2026-20805. Microsoft Windows Information Disclosure Vulnerability: · Related CWE: CWE-200. Known To Be Used in Ransomware Campaigns? Unknown ; CVE-2025-8110.

🔴 CVE-2026-20045