CVE-2026-20230: Cisco Unified CM WebDialer SSRF Can Lead to Root-Level Compromise
ID: 161f27d7-6390-5142-ab9b-da56de3b7b58
STIX ID: report--161f27d7-6390-5142-ab9b-da56de3b7b58
Feed Name: SOCRadar Blog
Cisco disclosed CVE-2026-20230, an unauthenticated SSRF in Cisco Unified CM and Unified CM SME (CVSS 8.6) that can be chained to write files to the appliance OS and potentially enable root-level compromise. Exploitation requires the WebDialer service to be enabled; it is disabled by default. Cisco provides fixes and interim mitigations (disable WebDialer). PSIRT notes that a public PoC exists, though no active exploitation has been observed. Defenders are advised to patch, disable WebDialer if necessary, and monitor for SSRF and post-exploitation indicators.
