Cisco Unified CM Vulnerability (CVE-2026-20230, CVSS 8.6) Actively Exploited for Root Privilege Escalation
News · 10d ago · 1 min read
Summary
CVE-2026-20230 is a high-severity (CVSS 8.6) vulnerability in Cisco Unified CM caused by improper input validation of specific HTTP requests. An unauthenticated remote attacker can abuse it to perform server-side request forgery (SSRF) through the affected device and, per the report, write files to the underlying operating system, escalating privileges to root. Active exploitation has been observed: attackers are reusing an unvetted public proof of concept that sends file:// payloads, and those attempts have been seen landing on decoy (honeypot) systems. The flaw is only reachable when the WebDialer service is enabled, and WebDialer is disabled by default. Cisco has fixed it in Unified CM and Unified CM SME releases 14SU6 and 15SU5; where patching is not immediately possible, disabling WebDialer removes the exposed attack surface.
Key quotes
CVE-2026-20230 has a CVSS score of 8.6 and stems from improper input validation for specific HTTP requests.
Successful exploitation can let an unauthenticated remote attacker perform server-side request forgery through the affected device.
Active exploitation has been observed in attacks using an unvetted proof of concept with file:// payloads landing on decoys.
Exploitation requires the WebDialer service to be enabled, which is disabled by default.
The flaw is patched in Unified CM and Unified CM SME versions 14SU6 and 15SU5, and disabling WebDialer is recommended if patching is not immediately possible.
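Two checks a defender would want around the issue as the page describes it, as an added example (this is not code from the page, from Cisco, or from the proof of concept mentioned above): a scan of HTTP access-log entries for URL-typed parameters carrying file:// or other non-web schemes, or pointing at loopback/internal addresses (the SSRF payload shape the page says is being used), and a helper that decides from a "<train>SU<n>" version string whether an install is at or past the fixed releases the page names (14SU6 and 15SU5). The log format (Common Log Format, as written by a reverse proxy in front of the server), the request path `/app/dial`, the parameter name `dest`, and the sample log lines are all constructed placeholders; the real WebDialer URIs and Unified CM log layout are not given on this page, and installed systems report long numeric build strings rather than the "14SU6" shorthand, so mapping those is out of scope here.

```python
"""
Added example, not from the page or from Cisco. Two checks a defender
would want around CVE-2026-20230 as the page describes it:

1. scan access-log entries for parameters that carry a file:// (or other
   non-web) URL, or a web URL aimed at an internal address;
2. decide from a "<train>SU<n>" version string whether an install is at or
   past the fixed releases the page names (14SU6 and 15SU5).
"""
import ipaddress
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Schemes that have no business in a caller-supplied URL parameter on a web
# dialer; file:// is the one the page says attackers are using.
NON_WEB_SCHEMES = {"file", "gopher", "dict", "ftp", "ldap", "tftp"}

# Common Log Format. Assumption: a reverse proxy in front of the server
# writes this; the real Unified CM log layout is not given on the page.
CLF_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# First fixed Special Update per major train, taken from the page.
FIXED_SU = {"14": 6, "15": 5}

# "<train>SU<n>" shorthand as used on the page; a bare "15" means the GA
# release of that train (no SU applied).
VERSION_RE = re.compile(r"^(?P<train>\d+(?:\.\d+)?)(?:SU(?P<su>\d+))?$", re.I)


def fully_decode(value, rounds=3):
    """Undo up to `rounds` layers of percent-encoding; attackers double-encode
    payloads to slip past filters that decode only once."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify_url_value(value):
    """Return a reason string if `value` looks like an SSRF payload, else None.
    Non-URL values (phone numbers, sip:/tel: URIs) are left alone."""
    v = fully_decode(value).strip()
    try:
        parts = urlsplit(v)
        host = parts.hostname or ""
    except ValueError:
        return "malformed URL"
    scheme = parts.scheme.lower()
    if not scheme:
        return None
    if scheme in NON_WEB_SCHEMES:
        return f"non-web scheme {scheme}://"
    if scheme in ("http", "https"):
        if host == "localhost":
            return "web URL to loopback host"
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            return None  # ordinary external hostname
        if ip.is_loopback or ip.is_private or ip.is_link_local:
            return f"web URL to internal address {ip}"
    return None


def scan_access_log(lines):
    """Return (client, param, decoded_value, reason) for every suspicious
    query parameter; lines that do not parse as CLF are skipped."""
    hits = []
    for line in lines:
        m = CLF_RE.match(line)
        if not m:
            continue
        query = urlsplit(m.group("target")).query
        for name, raw in parse_qsl(query, keep_blank_values=True):
            reason = classify_url_value(raw)
            if reason:
                hits.append((m.group("client"), name, fully_decode(raw), reason))
    return hits


def is_patched(version):
    """True/False for trains the page gives a fixed release for; None when the
    string is not in <train>[SU<n>] form or the train is not covered here."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return None
    fixed = FIXED_SU.get(m.group("train"))
    if fixed is None:
        return None
    return int(m.group("su") or 0) >= fixed


# Constructed sample log lines; the path and parameter name are placeholders.
SAMPLE_LOG = [
    # benign: a normal dial request carrying a phone number
    '203.0.113.10 - - [01/Jan/2026:10:00:00 +0000] "GET /app/dial?dest=%2B15551234567 HTTP/1.1" 200 512',
    # the payload shape the page describes: file:// in a URL parameter
    '198.51.100.7 - - [01/Jan/2026:10:00:05 +0000] "GET /app/dial?dest=file%3A%2F%2F%2Fetc%2Fpasswd HTTP/1.1" 200 4096',
    # double-encoded SSRF probe aimed at the loopback interface
    '198.51.100.7 - - [01/Jan/2026:10:00:06 +0000] "GET /app/dial?dest=http%253A%252F%252F127.0.0.1%253A8443%252F HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG):
        print(hit)
    for v in ("14SU5", "14SU6", "15SU5", "12.5SU8"):
        print(v, is_patched(v))
```

The scanner flags by payload shape rather than by endpoint, so it stays useful even though the page does not name the vulnerable URIs; a hit with a file:// scheme from an external address is worth treating as an exploitation attempt regardless of the response code, since the page notes attempts have been seen against decoys. The version helper returns None, not False, for trains the page says nothing about, so it never reports an uncovered release as safe.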