logo

Cisco Unified CM Flaw CVE-2026-20230 Actively Exploited in the Wild

ID: 2b288166-be6f-5792-823a-c223654f357f

STIX ID: report--2b288166-be6f-5792-823a-c223654f357f

Feed Name: Security Affairs

Threat Score
75/100

Date Published: 2026-06-24

Date Updated: 2026-06-24

Author: Pierluigi Paganini

...
...

Cisco Unified Communications Manager suffers a serious vulnerability (CVE-2026-20230, CVSS 8.6) in the WebDialer service that allows unauthenticated SSRF attacks to write files and potentially escalate to root; public proof-of-concept code exists and researchers (Defused Cyber) have observed active exploitation, so administrators should disable WebDialer until patches (first fixed releases: 14SU6 and 15SU5 / COP 1) are applied.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.