## Overview
CISA added CVE-2026-20230 to its Known Exploited Vulnerabilities (KEV) list on June 25, 2026. This vulnerability affects Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME). It allows unauthenticated remote attackers to conduct server-side request forgery (SSRF) attacks.
## Technical Details
The vulnerability arises from improper input validation for specific HTTP requests. An attacker can exploit this flaw by sending a crafted HTTP request to an affected device. If successful, the attacker can write files to the underlying operating system. This could lead to privilege escalation to root. The WebDialer service must be enabled for exploitation, but it is disabled by default.
## Impact
The exploitation of CVE-2026-20230 can have severe consequences. Attackers could gain unauthorized access to sensitive data or control over the affected systems. Cisco has assigned a Critical Security Impact Rating to this vulnerability, indicating the potential for significant damage if exploited.
## Mitigation
Organizations using Cisco Unified Communications Manager should apply the latest patches provided by Cisco. It is crucial to review configurations and ensure that the WebDialer service is disabled if not in use. Regularly monitor network traffic for unusual activity that may indicate exploitation attempts.
CSURFACE Threat Sensor