CISA KEV Alert 6/25/2026, 10:22:15 PM

Cisco Manager SSRF Flaw Exploited, CISA Adds CVE‑2026‑20230 to KEV

Cisco Unified CM SSRF flaw (CVE-2026-20230) exploited for root access

Primary source: cisa.gov. KEV status: listed. Patch status: unknown.

CISA has added CVE‑2026‑20230 to its Known Exploited Vulnerabilities catalogue, affecting Cisco Unified Communications Manager and Unified Communications Manager Session Management Edition. The vulnerability is a server‑side request forgery (SSRF) flaw that lets an unauthenticated, remote attacker write files to the underlying operating system, which could later be used to gain root privileges.

The SSRF vulnerability can be exploited over the network without authentication, allowing an attacker to trigger outbound requests from the affected Unified CM server and write arbitrary files to the host filesystem. This capability can be chained to achieve elevated access. The flaw carries a CVSS v3.1 base score of 8.6, rated as HIGH. Cisco has not yet released a patch, and patch status remains unknown.

Active exploitation has been confirmed, which is why the entry appears in the KEV catalogue. No known ransomware campaign has been linked to this CVE at present. CISA has set a remediation deadline of 26 June 2026 for federal civilian executive branch agencies to address the issue.

CISA’s required action is: “Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26‑04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26‑04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26‑04 patching guidelines.”

While the directive binds FCEB agencies, all organisations should review their exposure to Unified Communications Manager and apply any available mitigations promptly.

For full details, consult the NVD entry at https://nvd.nist.gov/vuln/detail/CVE-2026-20230 and the CISA KEV catalogue.

Article by CyberSIXT