Urgent 3CX Security Hotfix: Action Required for Publicly Accessible Systems
sourse: https://www.3cx.com/blog/news/security-hotfix-june-2026/
3CX has released an important security hotfix related to a web server configuration vulnerability involving a third-party component.
If your 3CX deployment is accessible from the public internet, you should apply the latest available update immediately. 3CX-hosted systems have already been updated centrally, so no customer action is required for those instances.
Who Is Affected?
| Deployment Type | Publicly Accessible from the Internet? | Action Required |
|---|---|---|
| Hosted by 3CX | Managed by 3CX | No customer action required. The fix has already been applied. |
| On-premises | No, protected behind firewall or VPN | No immediate emergency action required, but update during the next maintenance window. |
| Self-hosted cloud | No, protected behind firewall or VPN | No immediate emergency action required, but update during the next maintenance window. |
| On-premises | Yes | At risk. Apply the hotfix immediately. |
| Self-hosted cloud | Yes | At risk. Apply the hotfix immediately. |
Required Action
Administrators should apply the latest available update from the 3CX Admin Console.
To update your 3CX system:
- Log in to the 3CX Admin Console.
- Go to System > Updates.
- Select the latest available update.
- Click Download and complete the installation.
- Confirm that the system has updated successfully.
Version-Specific Guidance
| Current Version | Required Action |
|---|---|
| Version 20 Update 7 or earlier | Update to 20.0.8.1131 |
| Version 20 Update 8 with automatic updates enabled | The system should apply the fix automatically. If automatic updates run weekly or monthly, update manually to 20.0.8.1131. |
| Version 20 Update 8 with automatic updates disabled | Update to 20.0.8.1131 |
| Version 20 Update 9 | Update to 20.0.9.987 |
Recommended Security Steps
If your 3CX system is publicly accessible, we recommend taking the following steps immediately:
- Apply the latest 3CX update without delay.
- Restrict access to the 3CX Admin Console where possible.
- Use firewall rules or VPN access to limit exposure.
- Confirm that automatic updates are enabled and scheduled appropriately.
- Monitor the system after the update for any unusual activity.
Need Help Updating Your 3CX System?
If you are unsure whether your 3CX deployment is affected, or you need help applying the latest security update, our IT support team can assist with checking your system, applying the required hotfix, and reviewing your firewall or VPN configuration.
Contact us today to make sure your 3CX system is secure and up to date.
