CVE-2026-20230: Cisco Unified Communications Manager Server-Side Request Forgery (SSRF) Vulnerability

Summary

A server-side request forgery (SSRF) vulnerability has been identified in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME). An unauthenticated, remote attacker could exploit this flaw to write files to the operating system, potentially leading to root privilege escalation.

IFF Assessment

FOE

This vulnerability enables privilege escalation, which poses a significant risk to the confidentiality, integrity, and availability of affected systems.

Severity

8.6 High

The vulnerability is exploitable remotely by an unauthenticated attacker and allows files to be written to the underlying operating system, which can lead to root privilege escalation; together these factors indicate a high impact on the confidentiality, integrity, and availability of the system.

CISA KEV: Listed as actively exploited. Federal patch due: June 28, 2026. Known ransomware use: Unknown.

Defender Context

This SSRF vulnerability in a widely deployed communications management product poses a significant risk of privilege escalation. Defenders should prioritize patching and apply the vendor-provided mitigations immediately, so that their systems are protected against remote attacks that could compromise the entire operating system.