CVE-2026-20045 is a critical SSRF-to-root privilege escalation chain in Cisco Unified Communications Manager (CUCM) and Unified CM SME (CVSS 9.5, EPSS 89.9th percentile) that was weaponized within 24 hours of public disclosure. A related remote code execution advisory (cisco-sa-voice-rce-mORhqY4b) affecting Cisco Unified Communications products warrants concurrent review. Any organization running CUCM in production faces immediate risk of full system compromise across voice and unified communications infrastructure.