CVE-2026-20230 – Cisco Unified Communications Manager

CVSS 8.6 IMPORTANT Critical or Zero Day – Immediate Deployment

“An exposed communications platform can become the first step toward full system compromise.”

Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition have been updated to address CVE-2026-20230. This vulnerability has a CVSS score of 8.6, which is High severity. The issue is caused by improper input validation that can allow an unauthenticated remote attacker to perform server-side request forgery (SSRF) attacks against an affected system.

A successful attack could allow an attacker to write files to the underlying operating system, creating a path for later privilege escalation to root. Public proof-of-concept code has been reported for this vulnerability. Cisco assigned the issue a Critical Security Impact Rating because successful exploitation can ultimately lead to root-level compromise. The vulnerability is only exploitable when the WebDialer service is enabled, which is disabled by default.

Key Details

Affected Product
Cisco Unified Communications Manager
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
CWE Classification
CWE-918
Patch this CVE on all your endpoints in under 5 minutes. First 200 endpoints are free forever, scale as needed.