Cisco Unified Communications Manager security update for CVE-2026-20230
Security Patch Release
Summary
Hide ▲
Show ▼
Cisco released security updates for Cisco Unified Communications Manager (Unified CM) to fix CVE-2026-20230, a critical flaw that could let a remote attacker reach root privileges. The update matters because Cisco says public proof-of-concept exploit code is available even though it has not seen active exploitation. Administrators are being told to install 14SU6 or 15SU5 or disable Cisco WebDialer Web Service until patching is complete.
Related Happenings
CISA sets June 28 patch deadline for Cisco Unified Communications Manager Server
Public Sector Action
H score35
First: 26.06.2026 22:43
Last: 26.06.2026 22:43
Sources 1
About this happening:
CISA ordered federal agencies to patch CVE-2026-20230 in Cisco Unified Communications Manager Server by June 28, tightening exposure around an actively exploited...
CISA sets June 28 patch deadline for Cisco Unified Communications Manager Server
Public Sector ActionAbout this happening: CISA ordered federal agencies to patch CVE-2026-20230 in Cisco Unified Communications Manager Server by June 28, tightening exposure around an actively exploited...
Squid web proxy patch for CVE-2026-47729
Security Patch Release
H score20
First: 22.06.2026 17:29
Last: 22.06.2026 17:29
Sources 1
About this happening:
Squid maintainers merged a null-terminator check for CVE-2026-47729 into the development branch and v7, closing the FTP-parser over-read that could expose shar...
Squid web proxy patch for CVE-2026-47729
Security Patch ReleaseAbout this happening: Squid maintainers merged a null-terminator check for CVE-2026-47729 into the development branch and v7, closing the FTP-parser over-read that could expose shar...
Cisco security patch release for CVE-2026-20262
Security Patch Release
H score47
First: 15.06.2026 20:12
Last: 15.06.2026 20:12
Sources 1
About this happening:
Cisco released security updates for CVE-2026-20262 in Catalyst SD-WAN Manager, covering multiple release trains after the zero-day was exploited to reach root pr...
Cisco security patch release for CVE-2026-20262
Security Patch ReleaseAbout this happening: Cisco released security updates for CVE-2026-20262 in Catalyst SD-WAN Manager, covering multiple release trains after the zero-day was exploited to reach root pr...
LiteLLM endpoint-hardening patch release (CVE-2026-42271)
Security Patch Release
H score59
First: 09.06.2026 09:26
Last: 09.06.2026 09:26
Sources 1
About this happening:
BerriAI released LiteLLM 1.83.7, hardening access to the vulnerable MCP test endpoints that accepted full server configurations. The update now requires the PROXY_ADMIN*...
LiteLLM endpoint-hardening patch release (CVE-2026-42271)
Security Patch ReleaseAbout this happening: BerriAI released LiteLLM 1.83.7, hardening access to the vulnerable MCP test endpoints that accepted full server configurations. The update now requires the PROXY_ADMIN*...
Cisco Secure Workload REST API patch release (CVE-2026-20223)
Security Patch Release
H score55
First: 22.05.2026 08:36
Last: 22.05.2026 08:36
Sources 1
About this happening:
Cisco patched CVE-2026-20223, a CVSS 10.0 Secure Workload REST API flaw that could expose sensitive data and allow configuration changes across tenant boundaries. The upda...
Cisco Secure Workload REST API patch release (CVE-2026-20223)
Security Patch ReleaseAbout this happening: Cisco patched CVE-2026-20223, a CVSS 10.0 Secure Workload REST API flaw that could expose sensitive data and allow configuration changes across tenant boundaries. The upda...
Timeline
-
04.06.2026 14:09 4 articles · 1mo ago
Cisco releases updates for critical Unified CM SSRF flaw
Initial DisclosureCisco released security updates for Cisco Unified Communications Manager (Unified CM) to address CVE-2026-20230, a critical server-side request forgery (SSRF) flaw that can let an unauthenticated remote attacker write files and potentially elevate to root on affected systems with WebDialer enabled. Cisco says publicly available proof-of-concept exploit code exists, but it has not found evidence of active exploitation or targeting, and it recommends installing Unified CM 14SU6 or 15SU5 or disabling Cisco WebDialer Web Service until patching is complete.
Show sources
- Cisco warns of critical Unified CM flaw with PoC exploit code — www.bleepingcomputer.com — 04.06.2026 14:09
- Cisco warns of critical Unified CM flaw with PoC exploit code — www.bleepingcomputer.com — 04.06.2026 14:09
- Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public — thehackernews.com — 04.06.2026 19:55
- Cisco Unified CM Flaw Exploited After PoC Reveals File-Write Path to Root — thehackernews.com — 24.06.2026 09:50