Cisco confirmed that attackers are actively exploiting CVE-2026-20230 in Unified CM after proof-of-concept code and technical write-ups surfaced in June 2026. Admins are urged to upgrade to a fixed release or temporarily disable the WebDialer service to block incoming attacks. #Cisco #UnifiedCM #CVE-2026-20230 #WebDialer #Shadowserver #CISA
Keypoints
- Cisco Unified CM vulnerability CVE-2026-20230 is now being actively exploited.
- The flaw allows unauthenticated remote SSRF attacks through crafted HTTP requests.
- Attackers used file:// payloads to create files on targeted devices.
- Cisco recommends upgrading to a fixed release or disabling WebDialer as a mitigation.
- Shadowserver says more than 200 Unified CM instances are exposed online.