BleepingComputer ·EN-US News source
Cisco finally confirms attackers exploiting Unified CM flaw
CVE Tools coverage
Cisco has confirmed that attackers are actively exploiting a Unified Communications Manager (Unified CM) vulnerability patched in early June: CVE-2026-20230. The issue is a remote, low-complexity server-side request forgery (SSRF) that can be abused by attackers without privileges via crafted HTTP requests, potentially leading to file-related impacts on affected systems. This matters because it indicates real-world compromise is underway, and Cisco recommends upgrading to fixed releases and using mitigations like disabling the vulnerable WebDialer service when updates can’t be applied immediately.