A critical vulnerability (CVE-2026-20230) in Cisco's Unified Communications Manager (Unified CM) has been exploited by attackers. The flaw lets an unauthenticated remote attacker perform Server Side Request Forgery (SSRF) and could enable privilege escalation to root. Although Cisco released patches on June 3, recent reports indicate ongoing exploitation, primarily using an unvetted proof of concept (PoC). Exploitation requires the WebDialer service to be enabled; it is disabled by default in typical deployments.
The vulnerability is significant because Unified CM is widely deployed in large enterprises, which makes it an attractive target for both cybercriminals and state-sponsored actors. Cisco has not yet confirmed details of the exploitation, and this is the second exploit to target Cisco Unified CM in 2026.
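For defenders who cannot patch immediately, the practical question is how to spot SSRF attempts in web access logs. The following is an added example, not code from the page, from Cisco, or from any published detection for CVE-2026-20230: it is a generic SSRF-indicator triage that flags request parameters carrying a URL whose host is loopback, link-local, private or reserved address space. The log format (combined access-log style), the request paths, and all sample lines are constructed for illustration; the `/webdialer/...` path and the `url`/`callback` parameter names are assumptions and are not taken from the product. The check generalizes beyond this product to any HTTP front end that accepts URLs as parameters.

```python
import ipaddress
import re
from urllib.parse import parse_qsl, urlparse

# Constructed sample access-log lines (combined-log style). Paths and parameter
# names are hypothetical; they are NOT the real Unified CM endpoints.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Jun/2026:12:00:01 +0000] "GET /webdialer/example?url=http%3A%2F%2F127.0.0.1%3A8443%2Fadmin HTTP/1.1" 200 512
10.0.0.6 - - [10/Jun/2026:12:00:02 +0000] "GET /webdialer/example?url=https%3A%2F%2Fexample.com%2Fpage HTTP/1.1" 200 128
10.0.0.7 - - [10/Jun/2026:12:00:03 +0000] "GET /ccmadmin/main.do HTTP/1.1" 302 0
10.0.0.8 - - [10/Jun/2026:12:00:04 +0000] "POST /webdialer/example?callback=http%3A%2F%2F169.254.169.254%2Flatest%2Fmeta-data HTTP/1.1" 200 64
"""

# client ip, timestamp, method, request target, status; HTTP version is optional
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)(?: HTTP/[\d.]+)?" (?P<status>\d{3})'
)


def classify_host(host):
    """Return a reason string if `host` points at internal address space, else None.

    Only literal IPs and 'localhost' names are classified; no DNS is performed,
    so the check stays offline and deterministic.
    """
    if not host:
        return None
    h = host.strip("[]").lower()
    if h == "localhost" or h.endswith(".localhost"):
        return "loopback-name"
    try:
        ip = ipaddress.ip_address(h)
    except ValueError:
        return None  # a hostname we do not resolve here
    # Order matters: loopback and link-local ranges are also "private" in Python.
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    if ip.is_private:
        return "private"
    if ip.is_reserved or ip.is_unspecified:
        return "reserved"
    return None


def ssrf_indicators(log_text):
    """Scan access-log text; return one record per parameter that carries a URL
    aimed at internal address space."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        query = urlparse(m.group("target")).query
        # parse_qsl percent-decodes values, so encoded "http%3A%2F%2F..." is seen as a URL
        for name, value in parse_qsl(query, keep_blank_values=True):
            v = value.strip()
            if "://" not in v and not v.startswith("//"):
                continue  # not a URL-shaped value
            try:
                host = urlparse(v).hostname
            except ValueError:
                continue
            reason = classify_host(host)
            if reason:
                hits.append({
                    "client": m.group("client"),
                    "ts": m.group("ts"),
                    "method": m.group("method"),
                    "param": name,
                    "host": host,
                    "reason": reason,
                })
    return hits


if __name__ == "__main__":
    for hit in ssrf_indicators(SAMPLE_LOG):
        print(f'{hit["ts"]} {hit["client"]} {hit["method"]} param={hit["param"]} '
              f'-> {hit["host"]} ({hit["reason"]})')
```

Requests whose URL parameter targets a public host (the `example.com` line) are left alone; a real deployment would add an allow-list of expected callback hosts and forward hits to the SIEM rather than printing them. Because hostnames are not resolved, a DNS name that later resolves to an internal address is not caught here; that case needs resolver logs or egress monitoring.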