Cisco warns of critical Unified CM flaw with PoC exploit code

Cisco released security updates for CVE-2026-20230, a critical SSRF vulnerability in Unified Communications Manager that can be exploited remotely to write files and potentially achieve root privileges; proof-of-concept code exists but Cisco reports no evidence of active exploitation, and recommended mitigations are installing the provided patches (14SU6/15SU5) or disabling the WebDialer service until patched.