Cisco finally confirms attackers exploiting Unified CM flaw

Cisco confirmed that attackers are actively exploiting CVE-2026-20230 in Unified CM after proof-of-concept code and technical write-ups surfaced in June 2026. Admins are urged to upgrade to a fixed release or temporarily disable the WebDialer service to block incoming attacks.

Key points

  • Cisco Unified CM vulnerability CVE-2026-20230 is now being actively exploited.
  • The flaw allows unauthenticated remote SSRF attacks through crafted HTTP requests.
  • Attackers used file:// payloads to create files on targeted devices.
  • Cisco recommends upgrading to a fixed release or disabling WebDialer as a mitigation.
  • Shadowserver says more than 200 Unified CM instances are exposed online.

Read More: https://www.bleepingcomputer.com/news/security/cisco-finally-confirms-attackers-exploiting-unified-cm-flaw/