A critical vulnerability in Cisco Unified Communications Manager (CUCM), tracked as CVE-2026-20230, was weaponized by attackers within 24 hours of a proof-of-concept (PoC) release. This server-side request forgery (SSRF) flaw allows unauthenticated attackers to gain root access by exploiting the WebDialer service. WebDialer, which enables calling from web browsers, is disabled by default. Cisco released patches on June 3 and urged organizations to treat this as a critical issue.
Researchers from SSD Secure Disclosure and Defused reported that attackers could gain full control of CUCM systems through a specific attack chain involving crafted HTTP requests, malicious file uploads, and a second JSP web shell used for remote code execution. Organizations running the vulnerable software should assume compromise and implement Cisco's mitigations or disable WebDialer immediately.