Remote Code Execution Vulnerability in Cisco Unity Connection Management Interface
CVE-2026-20034

8.8HIGH

Key Information:

Vendor: Cisco
Status: Cisco Unity Connection
Vendor: CVE Published:; 6 May 2026

Badges

👾 Exploit Exists

What is CVE-2026-20034?

A significant vulnerability exists within the web-based management interface of Cisco Unity Connection that can be exploited by an authenticated remote attacker. This flaw stems from inadequate validation of input provided by users, allowing potential exploitation through crafted API requests. If successfully executed, this vulnerability grants the attacker the capability to execute arbitrary code with root privileges, which could lead to a complete compromise of the affected device. To exploit this weakness, attackers must possess valid user credentials for access to the device.

Affected Version(s)

Cisco Unity Connection 12.5(1)

Cisco Unity Connection 12.5(1)SU1

Cisco Unity Connection 12.5(1)SU2

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
May 6, 2026
Vulnerability published
May 6, 2026
Vulnerability Reserved
Oct 8, 2025

CVE-2026-20034 Data

JSON