CVE Tools
Back to feed
BleepingComputer ·EN-US News source

Cisco finally confirms attackers exploiting Unified CM flaw

By Sergiu Gatlan··2 min read
CVE Tools coverage

Cisco has confirmed that attackers are actively exploiting a Unified Communications Manager (Unified CM) vulnerability patched in early June: CVE-2026-20230. The issue is a remote, low-complexity server-side request forgery (SSRF) that can be abused by attackers without privileges via crafted HTTP requests, potentially leading to file-related impacts on affected systems. This matters because it indicates real-world compromise is underway, and Cisco recommends upgrading to fixed releases and using mitigations like disabling the vulnerable WebDialer service when updates can’t be applied immediately.