Find notable cyber news and cases, enriched with sources, timelines, and signals.

Cisco Unified CM SSRF root-privilege flaw (CVE-2026-20230)

Vulnerability
First reported
Last updated
Happening score
H score 49
2 unique sources, 5 articles

Summary

Hide ▲

CVE-2026-20230 exposes Cisco Unified CM systems with WebDialer enabled to remote SSRF abuse that can lead to root-level compromise. The flaw can be triggered without privileges and with low complexity. Public proof-of-concept exploit code is available, but Cisco has not found evidence of active exploitation.

Related Happenings

CISA sets June 28 patch deadline for Cisco Unified Communications Manager Server

Public Sector Action
H score35 First: 26.06.2026 22:43 Last: 26.06.2026 22:43 Sources 1

How related: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is giving federal agencies until Sunday to patch a vulnerability in Cisco Unified Communications Manager Server that is being actively exploited.

About this happening: CISA ordered federal agencies to patch CVE-2026-20230 in Cisco Unified Communications Manager Server by June 28, tightening exposure around an actively exploited...

Cisco Catalyst SD-WAN Manager root privilege escalation flaw (CVE-2026-20245)

Vulnerability
H score60 First: 05.06.2026 09:24 Last: 05.06.2026 09:24 Sources 1

About this happening: CVE-2026-20245 in Cisco Catalyst SD-WAN Manager is an actively exploited high-severity vulnerability that can let an authenticated local attacker with netadm...

Latest development: 06.06.2026 07:19

Cisco warned that CVE-2026-20245 in Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, is under active exploitation and can let an authenticated local attacker with netadmin privileges upload a crafted file to execute arbitrary commands as root. Cisco said the flaw affects On-Prem Deployment, Cisco SD-WAN Cloud-Pro, Cisco SD-WAN Cloud (Cisco Managed), and Cisco SD-WAN for Government (FedRAMP), that limited exploitation has already resulted in configuration changes pushed to edge devices, and that no patches or mitigations are currently available. Cisco also advised checking /var/log/scripts.log for indicators of compromise and credited Google Mandiant researchers Chester Sng, Pete Boonyakarn, and Logeswaran Nadarajan with discovering and reporting the issue.

CISA orders FCEB remediation for CVE-2025-60710

Public Sector Action
H score34 First: 15.04.2026 17:51 Last: 15.04.2026 17:51 Sources 1

About this happening: CISA added CVE-2025-60710 to its actively exploited catalog and gave FCEB agencies two weeks to secure systems under BOD 22-01. The move targets a Windows Ta...

CISA urgent mitigation order for Cisco FMC CVE-2026-20131

Advisory/Mitigation
H score58 First: 23.03.2026 12:30 Last: 23.03.2026 12:30 Sources 1

About this happening: CISA ordered federal civilian agencies to patch CVE-2026-20131 in Cisco Secure Firewall Management Center (FMC) within three days or discontinue use if mitigat...

Cisco Catalyst SD-WAN active exploitation wave

Exploitation Wave
H score57 First: 05.03.2026 14:15 Last: 05.03.2026 14:15 Sources 1

About this happening: Cisco confirmed active exploitation of two recently patched Catalyst SD-WAN vulnerabilities, creating immediate risk for exposed systems that have not been fully remed...

Timeline

  1. 26.06.2026 22:43 1 articles · 19d ago

    Cisco releases patch for CVE-2026-20230 in Unified Communications Manager Server

    Mitigation Patch Update

    Cisco released a patch for CVE-2026-20230 in Cisco Unified Communications Manager Server and warned that the critical server-side request forgery flaw could be exploited remotely and without authentication via specially crafted HTTP requests.

    Show sources
  2. 26.06.2026 22:43 2 articles · 19d ago

    CISA adds CVE-2026-20230 to KEV after Defused sees active exploitation

    Detection Ioc Update

    CISA added CVE-2026-20230 to its Known Exploited Vulnerabilities catalog, gave federal agencies until Sunday, June 28 to remediate under BOD 26-04, and Defused said it saw the flaw being exploited last weekend to write arbitrary text files to affected endpoints; the threat actor using the vulnerability is still unknown.

    Show sources
  3. 04.06.2026 14:09 5 articles · 1mo ago

    Cisco releases Unified CM fixes for CVE-2026-20230

    Initial Disclosure

    Cisco released security updates for Cisco Unified Communications Manager (Unified CM) to address CVE-2026-20230, a critical SSRF flaw that can let a remote unauthenticated attacker write files and later elevate to root when the WebDialer service is enabled. Cisco PSIRT says public proof-of-concept exploit code is available but has not found evidence of active exploitation or targeting. Administrators are advised to install Unified CM 14SU6 or 15SU5, or disable Cisco WebDialer Web Service until a patch is applied.

    Show sources