Cisco has confirmed that a critical vulnerability, CVE-2026-20230, in its Unified Communications Manager and its Session Management Edition has been exploited in the wild. The vulnerability, which has a CVSS score of 8.6, stems from improper validation of HTTP requests, which lets attackers conduct server-side request forgery (SSRF) attacks and potentially gain root access. Cisco initially released patches for the vulnerability in June, with another version expected in September. Proof-of-concept exploit code has been identified, prompting Cisco to urge customers to upgrade to the fixed software to mitigate the risk.
Cisco Warns of Exploit in Manager SSRF Flaw CVE-2026-20230
Article by CyberSIXT
Timeline Coverage
-
Cisco Warns of Exploit in Manager SSRF Flaw CVE-2026-20230
www.securityweek.com
-
Cisco Unified CM RCE Flaw Exploited in the Wild as PoC Code Goes Public
cybersixt.com
-
Cisco SD-WAN Zero-Day Exploited in Attacks
cybersixt.com
-
CISA adds critical PTC Windchill, Cisco UC flaws to KEV list
cybersixt.com
-
CISA Adds Cisco UC Manager SSRF Flaw to KEV Catalog
cybersixt.com
-
PTC Windchill flaw spotted; Claude Fable 5 hints at AWS return
cybersixt.com
-
Cisco and PTC flaws under active attack, CISA adds to KEV list
cybersixt.com
-
Cisco CUCM flaw allows hackers to gain root access in 24 hours
cybersixt.com
-
Cisco Manager SSRF Flaw Exploited, CISA Adds CVE-2026-20230 to KEV
cybersixt.com
-
Cisco CUCM CVE-2026-20230 SSRF flaw lets attackers gain root
cybersixt.com
-
Cisco CM flaw lets attackers gain root via file write exploit
cybersixt.com
-
Cisco Unified CM flaw lets hackers gain root access via SSRF
cybersixt.com
-
Cisco patches SSRF flaw in Unified CM enabling root access
cybersixt.com
-
Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public
cybersixt.com
-
Cisco Fixes CVE-2026-20230 SSRF Flaw in Unified CM, Root Risk.
cybersixt.com
-
Cisco patches CVE-2026-20230 UC Manager flaw enabling root access
cybersixt.com