securityonline.info 6/4/2026, 3:51:46 AM · external

Cisco Unified CM SSRF flaw exposes systems to remote takeover

CyberSIXT evidence panel: CISA KEV: not listed. Patch status: unknown.

A critical vulnerability in Cisco Unified Communications Manager (Unified CM), tracked as CVE-2026-20230, allows an unauthenticated remote attacker to perform server-side request forgery (SSRF). The flaw carries a CVSS score of 8.6 and poses significant downstream risk: an SSRF primitive on a call manager lets the attacker make the server issue requests to services on the host itself or on networks that only the server can reach, and the report warns this can lead to a full system takeover. The vulnerable code path is the WebDialer service, which is disabled by default; deployments that have enabled it are at immediate risk because exploit code has been publicly disclosed.

Administrators are urged to upgrade to a fixed software version immediately. Where an upgrade cannot be applied yet, disable the WebDialer service as a temporary mitigation; since it is off by default, turning it off removes the exposed code path at the cost of WebDialer functionality until the upgrade lands. Monitoring server traffic for unusual HTTP patterns is also recommended. For SSRF that means watching for request parameters that carry URLs or hostnames pointing at loopback, private, link-local or cloud-metadata addresses, as well as non-HTTP schemes such as file:// or gopher://, and watching for outbound connections from the Unified CM host to destinations it does not normally contact.
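The following script is an added example of the kind of "unusual HTTP pattern" check the recommendation refers to; it is not code from the article, from CyberSIXT or from Cisco, and it is deliberately generic rather than tied to the WebDialer endpoint, whose request format the report does not describe. It scans web-server access logs for query parameters whose values resolve to an internal target: loopback, private, link-local or unspecified addresses, the bare hostname localhost or a cloud-metadata name, integer-encoded IPs such as http://2130706433/ (a classic filter bypass for 127.0.0.1), and non-HTTP schemes. The Combined Log Format, the /svc/fetch path, the parameter names and the sample lines are all constructed assumptions.

```python
"""Flag SSRF-style request parameters in web-server access logs.

Added example, not part of the original article. The log format, the
/svc/fetch path and the parameter names are hypothetical; nothing here
describes the real WebDialer request format.
"""
import ipaddress
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample lines in Combined Log Format (assumption). Clients use
# documentation ranges (203.0.113.0/24, 198.51.100.0/24).
SAMPLE_LOG = """\
203.0.113.5 - - [03/Jun/2026:10:00:01 +0000] "GET /svc/fetch?url=https://example.org/page HTTP/1.1" 200 200 "-" "Mozilla/5.0"
203.0.113.5 - - [03/Jun/2026:10:00:02 +0000] "GET /svc/fetch?url=http://127.0.0.1:8443/admin HTTP/1.1" 200 90 "-" "curl/8.4"
198.51.100.7 - - [03/Jun/2026:10:00:03 +0000] "GET /svc/fetch?callback=http%3A%2F%2F169.254.169.254%2Flatest%2Fmeta-data HTTP/1.1" 200 41 "-" "python-requests/2.31"
198.51.100.7 - - [03/Jun/2026:10:00:04 +0000] "GET /svc/fetch?url=http://2130706433/ HTTP/1.1" 200 90 "-" "curl/8.4"
203.0.113.9 - - [03/Jun/2026:10:00:05 +0000] "GET /svc/fetch?host=localhost&port=22 HTTP/1.1" 500 0 "-" "curl/8.4"
203.0.113.9 - - [03/Jun/2026:10:00:06 +0000] "GET /svc/fetch?url=file:///etc/passwd HTTP/1.1" 400 0 "-" "curl/8.4"
203.0.113.9 - - [03/Jun/2026:10:00:07 +0000] "POST /svc/login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

# client, two ignored fields, [timestamp], "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"'
)
INTERNAL_NAMES = {"localhost", "metadata", "metadata.google.internal"}
FETCH_SCHEMES = {"http", "https"}


def _literal_ip(host):
    """ip_address for dotted or bracketed IPv6 literals, else None."""
    try:
        return ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        return None


def _decoded_int_ip(host):
    """Decode decimal/hex/octal integer hosts (http://2130706433/ is
    127.0.0.1); returns IPv4Address or None."""
    try:
        n = int(host, 0)
    except ValueError:
        return None
    return ipaddress.IPv4Address(n) if 0 <= n <= 0xFFFFFFFF else None


def _is_internal(ip):
    return (ip.is_loopback or ip.is_private or ip.is_link_local
            or ip.is_reserved or ip.is_unspecified)


def classify_value(value):
    """Return a reason string if a parameter value looks like an SSRF
    target, else None. Decodes once more to catch double-encoded input."""
    value = unquote(value)
    ip = None
    if "://" in value:
        parts = urlsplit(value)
        scheme = parts.scheme.lower()
        if scheme not in FETCH_SCHEMES:
            return f"non-http scheme {scheme!r}"
        host = parts.hostname or ""          # brackets already stripped
        ip = _literal_ip(host) or _decoded_int_ip(host)
    else:
        # Bare host, host:port or host/path without a scheme.
        host = value.split("/", 1)[0]
        ip = _literal_ip(host)
        if ip is None and host.count(":") == 1:
            host = host.split(":", 1)[0]
            ip = _literal_ip(host)
    if ip is not None and _is_internal(ip):
        return f"internal address {ip}"
    if host.lower() in INTERNAL_NAMES:
        return f"internal hostname {host!r}"
    return None


def scan_log(text):
    """Return (client, method, path, param, value, reason) tuples for every
    query parameter in the log that classify_value flags."""
    findings = []
    for line in text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        target = urlsplit(m["target"])
        # parse_qsl URL-decodes values, so %3A%2F%2F becomes ://
        for name, raw in parse_qsl(target.query, keep_blank_values=True):
            reason = classify_value(raw)
            if reason:
                findings.append((m["client"], m["method"], target.path, name, raw, reason))
    return findings


def hits_per_client(findings):
    """Count flagged parameters per source address, for triage ordering."""
    counts = {}
    for client, *_ in findings:
        counts[client] = counts.get(client, 0) + 1
    return counts


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
    print(hits_per_client(scan_log(SAMPLE_LOG)))
```

The check is intentionally DNS-free: it only judges what is visible in the log, so a hostname the attacker controls that resolves to an internal address will not be caught here and needs the outbound-connection side of the monitoring (egress from the Unified CM host to unexpected destinations) to cover it.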


Article by CyberSIXT