www.securityweek.com 7/2/2026, 11:12:12 AM · external

Cisco Warns of Exploit in Manager SSRF Flaw CVE-2026-20230

Cisco Unified CM SSRF/RCE flaw (CVE-2026-20230) exploited in the wild
CyberSIXT Evidence Panel
CISA KEV: Listed in KEV
Patch: Patch Available

Cisco has confirmed that a critical vulnerability, CVE-2026-20230, in its Unified Communications Manager and its Session Management Edition has been exploited in the wild. The vulnerability, which has a CVSS score of 8.6, stems from improper validation of HTTP requests, which enables attackers to conduct server-side request forgery (SSRF) attacks and potentially gain root access. Cisco initially released patches for the vulnerability in June, with another version expected in September. Proof-of-concept exploit code has been identified, prompting Cisco to urge customers to upgrade to the fixed software to mitigate the risk.

Article by CyberSIXT
