Cisco security advisory (AV26-048)

Serial number: AV26-048
Date: January 22, 2026

On January 21, 2026, Cisco published a security advisory to address a critical vulnerability in the following products:

Cisco Unified CM – versions prior to 12.5, 14 and 15
Unified CM IM&P – versions prior to 12.5, 14 and 15
Unified CM SME – versions prior to 12.5, 14 and 15
Webex Calling Dedicated Instance – versions prior to 12.5, 14 and 15
Cisco Unity Connection Release – versions prior to 12.5, 14 and 15

On January 21, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-20045 to their Known Exploited Vulnerabilities (KEV) Database.

The Cyber Centre encourages users and administrators to review the provided web links, perform the suggested recommendations, and apply the necessary updates when available.

CISA KEV: CVE-2026-20045
Cisco Unified Communications Products Remote Code Execution Vulnerability
Cisco Security Advisories

Date modified:: 2026-01-21

Language selection

Search

Cisco security advisory (AV26-048)