Cisco Unified CM Vulnerability Exposed with Public Exploit Code
ID: 0de213c2-969d-5454-b298-6620ac61f031
STIX ID: report--0de213c2-969d-5454-b298-6620ac61f031
Feed Name: securityonline.info
A high-severity SSRF vulnerability (CVE-2026-20230) in Cisco Unified CM's WebDialer can allow unauthenticated attackers to perform server-side request forgery, write unauthorized files, and achieve full system takeover; Cisco rated the issue Critical (CVSS 8.6) due to the downstream risk. Public proof-of-concept code is available, so affected administrators should immediately disable WebDialer if enabled, deploy vendor fixes (upgrade to 14SU6 or 15SU5, or apply the COP patch), and monitor HTTP traffic for anomalous requests.
