Cisco patches SSRF flaw in Unified CM enabling root access

vulnerabilityopenJun 4, 2026 — Jun 5, 2026

CVE-2026-20230 is a critical unauthenticated SSRF vulnerability affecting Cisco Unified CM and SME. This flaw can lead to root-level compromise when the WebDialer service is enabled, which is disabled by default. Exploitation involves sending a crafted HTTP request that manipulates the server, allowing the attacker to write files and potentially elevate…

CVE-2026-20230 8.6

Root sourcesec.cloudapps.cisco.com

Timeline Coverage

Swipe to explore timeline

#5 Jun 5, 2026, 01:01 PM

socradar.io
Cisco patches SSRF flaw in Unified CM enabling root access
#4 Jun 4, 2026, 05:11 PM

thehackernews.com
Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public
#3 Jun 4, 2026, 01:50 PM

securityaffairs.com
Cisco Fixes CVE-2026-20230 SSRF Flaw in Unified CM, Root Risk.
#2 Jun 4, 2026, 08:51 AM

www.securityweek.com
Cisco patches CVE-2026-20230 UC Manager flaw enabling root access
#1 Jun 4, 2026, 03:51 AM

securityonline.info
Cisco Unified CM SSRF flaw exposes systems to remote takeover