Cucm

vulnerabilities 2026-06-09
Cisco Unified CM CVE-2026-20230: Public PoC Turns an SSRF Into Root
An unauthenticated SSRF in Cisco Unified Communications Manager (CVE-2026-20230) lets attackers write files to the OS and climb to root. PoC code is public, the 15-train fix is months out, and there's no workaround beyond disabling WebDialer.
cisco cve-2026-20230 ssrf unified-cm cucm voip privilege-escalation webdialer

Cisco Unified CM CVE-2026-20230: Public PoC Turns an SSRF Into Root