CVE Tools
Back to feed
SecurityWeek ·EN-US News source

Cisco Confirms In-the-Wild Exploitation of Unified CM Vulnerability

By Ionut Arghire··1 min read
CVE Tools coverage

Cisco reports that CVE-2026-20230 has been exploited in the wild in Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME). The issue stems from improper validation of certain HTTP requests and could enable SSRF-style activity that may ultimately allow arbitrary file drops and potential root access. This matters because only devices with the WebDialer service enabled are affected (disabled by default), and Cisco advises upgrading to fixed releases to remediate.