CISA Orders Emergency Patching for Actively Exploited Cisco Unified CM SSRF Vulnerability
By CySecurity News, twitter.com/ehackernews
7d ago · 2 min read · News
Summary
CISA has ordered urgent patching for an actively exploited SSRF vulnerability (CVE-2026-20230) in Cisco Unified Communications Manager and Unified CM Session Management Edition. The flaw allows unauthenticated attackers to perform server-side request forgery via specially crafted HTTP requests, potentially compromising voice and collaboration systems used by government and enterprise organizations.
Key quotes
CISA has moved quickly against a serious Cisco vulnerability because the issue is already being exploited and could expose government and enterprise communications systems to deeper compromise.
At the center of the problem is a server-side request forgery vulnerability tied to how the product handles certain HTTP requests.
An attacker does not need valid credentials to trigger the flaw
The bug affects Cisco Unified Communications Manager, and it sits in a service many organizations rely on for voice and collaboration traffic.