File Download Vulnerabilities in Cisco Unity Connection
CVE-2026-20081

6.5MEDIUM

Key Information:

Vendor

Cisco
Status
Cisco Unity Connection
Vendor
CVE Published:
15 April 2026

Badges

👾 Exploit Exists

What is CVE-2026-20081?

Cisco Unity Connection contains multiple vulnerabilities that allow an authenticated remote attacker to download arbitrary files from the affected system. These vulnerabilities stem from improper sanitization of user input within the web-based management interface. An attacker with valid administrative credentials can exploit these issues by crafting specific HTTPS requests, potentially leading to unauthorized access to sensitive files on the system.

Affected Version(s)

Cisco Unity Connection 12.5(1)

Cisco Unity Connection 12.5(1)SU1

Cisco Unity Connection 12.5(1)SU2

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.