Cisco Releases Security Advisory for Critical Vulnerability in Unified Communications Manager
If exploited, CVE-2026-20230 could allow a remote unauthenticated attacker to elevate privileges to root
Summary
If exploited, CVE-2026-20230 could allow a remote unauthenticated attacker to elevate privileges to root
Affected platforms
The following platforms are known to be affected:
Threat details
Active exploitation for CVE-2026-20230
Cisco has confirmed that proof‑of‑concept exploit code for CVE-2026-20230 is publicly available. Defused Cyber have also confirmed exploitation attempts of CVE-2026-20230 in the wild.
The NHS England Nation CSOC assesses further exploitation as likely.
Introduction
Cisco has released a security advisory to address a critical vulnerability in Cisco Unified Communications Manager. Successful exploitation could allow an unauthenticated remote attacker to write files to the underlying operating system and later escalate privileges to root.
- CVE‑2026‑20230 – Server‑Side Request Forgery (SSRF) vulnerability – CVSSv3.1 Base Score: 8.6
Although the CVSSv3.1 score indicates the vulnerability is rated at high severity, Cisco has assigned a critical impact rating due to the potential of privilege escalation.
Threat updates
| Date | Update |
|---|---|
| 24 Jun 2026 | Exploitation of CVE-2026-20230 reported by Defused Cyber. The emphasis box has been updated to reflect this. |
Remediation advice
Affected organisations are encouraged to review Cisco Security Advisory cisco‑sa‑cucm‑ssrf‑cXPnHcW and apply the relevant software updates as soon as possible.
Definitive source of threat updates
Last edited: 24 June 2026 3:23 pm