Skip to content

Cisco Unified CM: CVE-2026-20230 Actively Exploited After PoC Release

At a glance: CVE-2026-20230 (CVSS 8.6) in Cisco Unified CM and CM SME is being actively exploited – unencrypted HTTP requests enable remote write access without authentication.

A critical vulnerability in Cisco Unified Communications Manager allows unauthenticated remote actors to write files with root privileges. Following the publication of a proof-of-concept, attacks are already being documented.

The vulnerability CVE-2026-20230 affects Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME). It is rated as critical with a CVSS score of 8.6 and is based on insufficient input validation in specific HTTP requests.

Unauthenticated remote attackers can exploit the flaw to write files with root privileges, thereby gaining complete control over affected systems. The vulnerability requires no authentication and no physical access.

Following the publication of a functional proof-of-concept, security researchers are reporting active exploitations in the wild. For CISOs, this presents an immediate threat, particularly because Unified CM is often deployed in critical enterprise communications infrastructure. Immediate examination of affected systems for indicators of compromise as well as rapid deployment of security patches are required.


Source: thehackernews.com · Published 24 June 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.1.

Share on: