THREAT OPS › CVEs › CVE-2026-20230
CVE-2026-20230 — Cisco Unified Communications Manager Server-Side Request Forgery (SSRF) Vulnerability
Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) contain a server-side request forgery (SSRF) Vulnerability that could allow an unauthenticated, remote attacker to write files to the underlying operating system that could be used later to elevate to root.
Vulnerability details
- Affected productsUnified Communications Manager
- KEV remediation due2026-06-28
Related reporting
- [CISA KEV] CVE-2026-20230 — Cisco Unified Communications Manager: Cisco Unified Communications Manager Server-Side Request Forgery (SSRF) Vulnerabilitycisa_kev
- 8th June – Threat Intelligence Reportcheckpoint_research
- Cisco Unified Communications Manager Server-Side Request Forgery Vulnerabilitycisco_psirt
- June 2026 CVE Landscaperecordedfuture
- CVE-2026-20230 | Cisco Unified Communications Manager Server-Side Request Forgery Vulnerabilityhorizon3