The flaw enables server-side request forgery (SSRF) and escalates privileges to root, impacting Cisco Unified CM and Unified CM SME deployments.
June 25, 2026
Attackers have begun actively exploiting a critical flaw in Cisco Unified Communications Manager (CUCM) to gain root access on vulnerable systems.
The attacks appear to have begun less than 24 hours after researchers at SSD Secure Disclosure this week released proof-of-concept (PoC) code along with a full exploit chain for the vulnerability.
The vulnerability, tracked as CVE-2026-20230, is an input validation flaw that allows an unauthenticated remote attacker to perform server-side request forgery (SSRF) against affected devices and escalate privileges to root. It impacts Cisco Unified CM and Unified CM SME deployments where the WebDialer service, which lets users place calls directly from a Web browser, is enabled. The service is disabled by default.












