- 12/2026
- High
Cisco has released security updates to fix several vulnerabilities across multiple Cisco products.
The addressed vulnerabilities could allow the attacker to conduct cross-site scripting attacks, escalate privileges, perform denial-of-service attacks, obtain sensitive information, or execute arbitrary commands/code and gain access to the affected systems.
Sample of addressed vulnerabilities:
1. Cisco Unified Communications Products Remote Code Execution Vulnerability (CVE-2026-20045):
- CVSS: 8.2
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
2. Cisco Intersight Virtual Appliance Privilege Escalation Vulnerability (CVE- 2026-20092):
- CVSS: 6
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Consequences: Gain Privileges
Sample of the affected products:
- Cisco Unified CM, CM SME, and CM IM&P.
- Cisco Unified Customer Voice Portal (CVP) and Unified Intelligence Center (CUIC).
- Cisco Intersight Connected Virtual Appliance (CVA).
- Cisco ISE and Cisco ISE-PIC.
- Cisco EPNM and Cisco Prime Infrastructure.
- Cisco IEC6400 Wireless Backhaul Edge Compute Software.
- Cisco Virtualized Voice Browser.
- Cisco Webex Calling Dedicated Instance.
Vulnerabilities
- CVE-2026-20026
- CVE-2026-20027
- CVE-2026-20029
- CVE-2026-20045
- CVE-2026-20047
- CVE-2026-20055
- CVE-2026-20075
- CVE-2026-20076
- CVE-2026-20080
- CVE-2026-20092
- CVE-2026-20109
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.