Critical Cisco Unified CM Bug Patched as Public Exploit Code Emerges

ID: 10270fdb-e124-5817-bb00-86eeb3b01a77

STIX ID: report--10270fdb-e124-5817-bb00-86eeb3b01a77

Feed Name: Security Affairs

Threat Score: 70/100

Date Published: 2026-06-04

Date Updated: 2026-06-04

Author: Pierluigi Paganini

**Cisco patched a critical SSRF vulnerability (CVE-2026-20230) in Unified CM / Unified CM SME; public PoC code is available and successful exploitation could allow file writes that enable later root escalation.** Cisco recommends disabling the WebDialer service (disabled by default) until patches are applied; fixed releases include 14SU6 and 15SU5 (or COP1).