CISCO Security Advisory
Published Date: June 3, 2026
CVE: CVE-2026-20230
Advisory Summary
Cisco has disclosed a critical security vulnerability (CVE-2026-20230) impacting its Unified Communications Manager (Unified CM) and Unified CM Session Management Edition (SME). The flaw allows an unauthenticated, remote attacker to perform server-side request forgery (SSRF) attacks by sending specially crafted HTTP requests to vulnerable devices.
The root cause is improper input validation when handling specific HTTP requests, which could allow an attacker to write files to the underlying operating system. A successful exploit could let the attacker escalate privileges to root, posing a severe risk to the integrity and security of affected systems.
Important notes:
- The WebDialer service must be enabled for exploitation; however, it is disabled by default, adding a layer of protection out-of-the-box.
- Cisco has rated this issue as Critical because of the potential for privilege escalation, even though its general severity metrics score it only as High.
- There are currently no workarounds; applying Cisco’s released software updates is imperative to remediate this vulnerability.
Organizations running Cisco Unified CM environments should promptly verify whether the WebDialer service is enabled and prioritize patching to mitigate risk. Given the Critical rating, delayed remediation could lead to root-level compromise of the affected server and subsequent network-wide impact.
Stay proactive with software maintenance and monitor for any exploitation attempts targeting this vulnerability.
Reference: Vendor Advisory