PoC Exploit Released for Cisco Unified Communications Manager Security Vulnerability
ID: 1f5a44fb-c91e-5508-a43b-386703480ccc
STIX ID: report--1f5a44fb-c91e-5508-a43b-386703480ccc
Feed Name: GBHackers
A public proof-of-concept has been released for CVE-2026-20230, a server-side request forgery (SSRF) vulnerability in Cisco Unified Communications Manager and Unified CM SME. It can allow unauthenticated attackers to perform SSRF, write arbitrary files to the OS, and potentially escalate to root. Exploitation requires the Cisco WebDialer service to be enabled. Cisco assigned a Critical Security Impact Rating despite a CVSS 3.1 base score of 8.6. Cisco has released patches and recommends disabling WebDialer until systems are updated; defenders should monitor for unusual outbound requests and unauthorized file creation.
