Cisco Unified Communications Manager and Unified CM SME are being targeted in active attacks exploiting CVE-2026-20230, a high-severity SSRF flaw that can lead to file writes and root access. Defused says the current activity appears to be reconnaissance, while SSD Secure has published technical details and a proof-of-concept for the vulnerability. #CVE-2026-20230 #CiscoUnifiedCommunicationsManager #UnifiedCM #UnifiedCMSME #WebDialer
Keypoints
- CVE-2026-20230 affects Cisco Unified Communications Manager and Unified CM SME.
- The flaw allows unauthenticated server-side request forgery through crafted HTTP requests.
- Successful exploitation can write files to the operating system and lead to root privileges.
- Defused reported active exploitation from a single IP address using file:// payloads.
- SSD Secure published a technical write-up and proof-of-concept after disclosure.