Server-Side Request Forgery Vulnerability in Cisco Unified Communications Products
CVE-2026-20230

8.6 HIGH

Key Information:

Vendor: Cisco
CVE Published: 3 June 2026

Badges

  • 📈 Trended
  • 📈 Score: 2,510
  • 👾 Exploit Exists
  • 🟡 Public PoC
  • 🟣 EPSS 20%
  • 📰 News Worthy

What is CVE-2026-20230?


Affected Version(s)

Cisco Unified Communications Manager

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

News Articles

Cisco Unified CM Flaw Exploited After PoC Reveals File-Write Path to Root

Cisco Unified CM CVE-2026-20230 is under active exploitation, allowing file writes on WebDialer-enabled systems.

2 hours ago

Cisco Unified CM flaw CVE-2026-20230 now exploited in attacks

A high-severity SSRF vulnerability, tracked as CVE-2026-20230, in Cisco Unified Communications Manager Server is now being exploited in attacks.

11 hours ago

Cisco Races to Patch Unified CM Flaw as Public Exploit Code Raises Stakes

Cisco patched CVE-2026-20230, a high-severity SSRF flaw in Unified Communications Manager that lets unauthenticated attackers write files and potentially gain root access when WebDialer is enabled. With public proof-of-concept code now available, organizations must act fast to update or disable the ...

3 weeks ago

References

EPSS Score

20% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 8.6
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • 📈 Vulnerability started trending

  • 🟡 Public PoC available

  • 📰 First article discovered by SecurityWeek

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved
