SSRF Vulnerability in Cisco Unity Connection Web Inbox
CVE-2026-20035

7.2HIGH

Key Information:

Vendor

Cisco
Status
Cisco Unity Connection
Vendor
CVE Published:
6 May 2026

Badges

👾 Exploit Exists

What is CVE-2026-20035?

A vulnerability in the web UI of Cisco Unity Connection Web Inbox can allow unauthenticated remote attackers to perform SSRF attacks. This is due to improper input validation for specific HTTP requests. Exploitation of this vulnerability enables an attacker to send crafted HTTP requests, which in turn allows arbitrary network requests to be sent from the affected device, potentially compromising network security.

Affected Version(s)

Cisco Unity Connection 12.5(1)

Cisco Unity Connection 12.5(1)SU1

Cisco Unity Connection 12.5(1)SU2

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.