CISCO: Reference: Cisco Security Advisory – Unity Connection RCE and SSRF Vulnerabilities

CISCO Security Advisory

Published Date: May 6, 2026

CVE: CVE-2026-20034

Advisory Summary

⛔⚠️ Critical Security Alert: Cisco Unity Connection Vulnerabilities ⚠️⛔

Multiple high-severity vulnerabilities have been identified in Cisco Unity Connection that could allow remote attackers to execute arbitrary code or perform server-side request forgery (SSRF) attacks. These vulnerabilities, tracked as CVE-2026-20034 and CVE-2026-20035, pose significant risks to affected systems by potentially enabling attackers to compromise system integrity and access internal resources.

• Impact: Remote Code Execution (RCE) and SSRF vulnerabilities with high-security impact rating.
• Affected Product: Cisco Unity Connection.
• Mitigation: Cisco has issued software updates addressing these vulnerabilities.
• No effective workarounds exist, making prompt patching essential.
• Immediately review your Cisco Unity Connection deployments and apply the released patches without delay.
• Consider conducting vulnerability assessments and monitoring for any unusual activity that could indicate exploitation attempts.

Ensuring your infrastructure’s security requires timely action to neutralize these critical threats and maintain operational integrity.

Reference: Vendor Advisory