Find notable cyber news and cases, enriched with sources, timelines, and signals.

Cisco Unified Communications Manager security update for CVE-2026-20230

Security Patch Release
First reported
Last updated
Happening score
H score 56
2 unique sources, 3 articles

Summary

Hide ▲

Cisco released security updates for Cisco Unified Communications Manager (Unified CM) to fix CVE-2026-20230, a critical flaw that could let a remote attacker reach root privileges. The update matters because Cisco says public proof-of-concept exploit code is available even though it has not seen active exploitation. Administrators are being told to install 14SU6 or 15SU5 or disable Cisco WebDialer Web Service until patching is complete.

Related Happenings

CISA sets June 28 patch deadline for Cisco Unified Communications Manager Server

Public Sector Action
H score35 First: 26.06.2026 22:43 Last: 26.06.2026 22:43 Sources 1

About this happening: CISA ordered federal agencies to patch CVE-2026-20230 in Cisco Unified Communications Manager Server by June 28, tightening exposure around an actively exploited...

Squid web proxy patch for CVE-2026-47729

Security Patch Release
H score20 First: 22.06.2026 17:29 Last: 22.06.2026 17:29 Sources 1

About this happening: Squid maintainers merged a null-terminator check for CVE-2026-47729 into the development branch and v7, closing the FTP-parser over-read that could expose shar...

Cisco security patch release for CVE-2026-20262

Security Patch Release
H score47 First: 15.06.2026 20:12 Last: 15.06.2026 20:12 Sources 1

About this happening: Cisco released security updates for CVE-2026-20262 in Catalyst SD-WAN Manager, covering multiple release trains after the zero-day was exploited to reach root pr...

LiteLLM endpoint-hardening patch release (CVE-2026-42271)

Security Patch Release
H score59 First: 09.06.2026 09:26 Last: 09.06.2026 09:26 Sources 1

About this happening: BerriAI released LiteLLM 1.83.7, hardening access to the vulnerable MCP test endpoints that accepted full server configurations. The update now requires the PROXY_ADMIN*...

Cisco Secure Workload REST API patch release (CVE-2026-20223)

Security Patch Release
H score55 First: 22.05.2026 08:36 Last: 22.05.2026 08:36 Sources 1

About this happening: Cisco patched CVE-2026-20223, a CVSS 10.0 Secure Workload REST API flaw that could expose sensitive data and allow configuration changes across tenant boundaries. The upda...

Timeline

  1. 04.06.2026 14:09 4 articles · 1mo ago

    Cisco releases updates for critical Unified CM SSRF flaw

    Initial Disclosure

    Cisco released security updates for Cisco Unified Communications Manager (Unified CM) to address CVE-2026-20230, a critical server-side request forgery (SSRF) flaw that can let an unauthenticated remote attacker write files and potentially elevate to root on affected systems with WebDialer enabled. Cisco says publicly available proof-of-concept exploit code exists, but it has not found evidence of active exploitation or targeting, and it recommends installing Unified CM 14SU6 or 15SU5 or disabling Cisco WebDialer Web Service until patching is complete.

    Show sources