Ref# ADV2026_29 | Date: Jan 23rd 2026

---

Cisco published a security advisory highlighting vulnerabilities in the following products on January 21st, 2026. It is recommended that you take the necessary precautions by ensuring your products are always updated. 

• Cisco Unified CM – versions prior to 12.5, 14 and 15 

• Unified CM IM&P – versions prior to 12.5, 14 and 15 

• Unified CM SME – versions prior to 12.5, 14 and 15 

• Webex Calling Dedicated Instance – versions prior to 12.5, 14 and 15 

• Cisco Unity Connection Release – versions prior to 12.5, 14 and 15 

 

For more information on these updates, you can follow these URLs: 

• CISA KEV: CVE-2026-20045 

• Cisco Unified Communications Products Remote Code Execution Vulnerability 

• Cisco Security Advisories 

 

The Guyana National CIRT recommends that users and administrators review these updates and apply them where necessary. 

 PDF Download: Cisco Security Advisory

References 

• CISA KEV: CVE-2026-20045. (January 21, 2026). Retrieved from Cisco. https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2026-20045 

 

• Cisco Unified Communications Products Remote Code Execution Vulnerability. (January 21, 2026). Retrieved from Cisco. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b 

 

• Cisco Security Advisories. (n.b). Retrieved from Cisco. https://tools.cisco.com/security/center/publicationListing.x 

 

• Cisco security advisory. (January 21, 2026). Retrieved from Canadian Centre for Cyber Security. https://www.cyber.gc.ca/en/alerts-advisories/cisco-security-advisory-av26-048