Cisco Unified CM Flaw CVE-2026-20230 Actively Exploited in the Wild
ID: 2b288166-be6f-5792-823a-c223654f357f
STIX ID: report--2b288166-be6f-5792-823a-c223654f357f
Feed Name: Security Affairs
Threat Score
Cisco Unified Communications Manager suffers a serious vulnerability (CVE-2026-20230, CVSS 8.6) in the WebDialer service that allows unauthenticated SSRF attacks to write files and potentially escalate to root; public proof-of-concept code exists and researchers (Defused Cyber) have observed active exploitation, so administrators should disable WebDialer until patches (first fixed releases: 14SU6 and 15SU5 / COP 1) are applied.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
