The Bottom Line: The server-side request forgery CVE-2026-20230 in Cisco Unified CM is patched, but proof-of-concept code is already publicly available.
Cisco has fixed a critical flaw in Unified Communications Manager that allows unauthenticated network attackers to write files and escalate privileges to root. Publicly available exploit code shortens the window before practical attacks materialize.
Cisco has closed a security vulnerability in Unified Communications Manager (UCM) tracked as CVE-2026-20230. The vulnerability is a server-side request forgery (SSRF) that allows an unauthenticated attacker with network access to write arbitrary files to the system and subsequently escalate privileges to root.
The Cisco Product Security Incident Response Team (PSIRT) has observed no evidence of exploitation in the wild to date. However, this could change quickly: proof-of-concept exploit code is already publicly available, which significantly lowers the barrier for systematic attack attempts.
For CISOs, this means giving high priority to patch management and to network access control for UCM systems. Affected organizations should deploy the updates and promptly verify whether their UCM instances are reachable from outside their network. Devices on the local network can also be leveraged as an attack vector for lateral movement within internal networks.
Source: thehackernews.com · Published 4 June 2026
Lumi AI News — AI-assisted curation in accordance with Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.2.9.