The article discusses a critical security vulnerability (CVE-2026-20230) in Cisco Unified Communications Manager that is currently being exploited in the wild. The flaw, caused by improper input validation in the WebDialer service, allows attackers to gain root access by sending crafted HTTP requests. It carries a CVSS score of 8.6 and has significant implications, as it can potentially expose enterprise voice and video systems worldwide.
Exploitation was first noted in June 2026, and publicly available proof-of-concept exploit code has further increased the risk of attack. Affected versions include Unified CM prior to updates 14SU6 and 15SU5, for which Cisco has provided patches. Administrators are advised to upgrade systems and disable WebDialer to mitigate exposure.