Skip to main content

Cisco Releases Security Advisory for Critical Vulnerability in Unified Communications Manager

If exploited, CVE-2026-20230 could allow a remote unauthenticated attacker to elevate privileges to root

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

If exploited, CVE-2026-20230 could allow a remote unauthenticated attacker to elevate privileges to root


Threat details

Active exploitation for CVE-2026-20230

Cisco has confirmed that proof‑of‑concept exploit code for CVE-2026-20230 is publicly available. Defused Cyber have also confirmed exploitation attempts of CVE-2026-20230 in the wild.

The NHS England Nation CSOC assesses further exploitation as likely.


Introduction

Cisco has released a security advisory to address a critical vulnerability in Cisco Unified Communications Manager. Successful exploitation could allow an unauthenticated remote attacker to write files to the underlying operating system and later escalate privileges to root.

  • CVE‑2026‑20230 – Server‑Side Request Forgery (SSRF) vulnerability – CVSSv3.1 Base Score: 8.6

Although the CVSSv3.1 score indicates the vulnerability is rated at high severity, Cisco has assigned a critical impact rating due to the potential of privilege escalation. 


Threat updates

Date Update
24 Jun 2026 Exploitation of CVE-2026-20230 reported by Defused Cyber. The emphasis box has been updated to reflect this.

Remediation advice

Affected organisations are encouraged to review Cisco Security Advisory cisco‑sa‑cucm‑ssrf‑cXPnHcW and apply the relevant software updates as soon as possible.



Last edited: 24 June 2026 3:23 pm