CVE Tools
Back to feed
SecurityWeek ·EN-US News source

Hackers Exploiting Cisco Unified CM Vulnerability

By Eduard Kovacs··2 min read
CVE Tools coverage

Security researchers report that CVE-2026-20230 in Cisco Unified Communications Manager (Unified CM) is being exploited in the wild shortly after Cisco released patches on June 3. The unauthenticated, remote issue can be leveraged for SSRF, arbitrary file writes to the underlying OS, and privilege escalation to root (with exploitation tied to enabling the WebDialer service, which is disabled by default). This matters because Unified CM is a widely deployed on-premises call control platform, making the flaw attractive for both criminal and state-sponsored actors.