CISA sets June 28 patch deadline for Cisco Unified Communications Manager Server
Public Sector Action
Summary
Hide ▲
Show ▼
CISA ordered federal agencies to patch CVE-2026-20230 in Cisco Unified Communications Manager Server by June 28, tightening exposure around an actively exploited SSRF flaw. The vulnerability was added to CISA's KEV catalog under BOD 26-04, making remediation urgent for covered agencies. Cisco had already labeled the bug critical and warned it could be exploited remotely without authentication.
Related Happenings
Cisco Unified CM SSRF root-privilege flaw (CVE-2026-20230)
Vulnerability
H score49
First: 04.06.2026 14:09
Last: 04.06.2026 14:09
Sources 1
How related:
Last weekend, threat detection startup Defused observed the vulnerability being exploited in attacks to write arbitrary text files to affected endpoints.
About this happening:
**CVE-2026-20230** exposes **Cisco Unified CM** systems with **WebDialer enabled** to remote **SSRF** abuse that can lead to **root-level compromise**. The flaw can be triggered w...
Cisco Unified CM SSRF root-privilege flaw (CVE-2026-20230)
VulnerabilityHow related: Last weekend, threat detection startup Defused observed the vulnerability being exploited in attacks to write arbitrary text files to affected endpoints.
About this happening: **CVE-2026-20230** exposes **Cisco Unified CM** systems with **WebDialer enabled** to remote **SSRF** abuse that can lead to **root-level compromise**. The flaw can be triggered w...
Latest development: 26.06.2026 22:43
Cisco released a patch for CVE-2026-20230 in Cisco Unified Communications Manager Server and warned that the critical server-side request forgery flaw could be exploited remotely and without authentication via specially crafted HTTP requests.
Cisco Unified Communications Manager security update for CVE-2026-20230
Security Patch Release
H score56
First: 04.06.2026 14:09
Last: 04.06.2026 14:09
Sources 1
About this happening:
Cisco released **security updates** for **Cisco Unified Communications Manager (Unified CM)** to fix **CVE-2026-20230**, a **critical** flaw that could let a remote attacker reach...
Cisco Unified Communications Manager security update for CVE-2026-20230
Security Patch ReleaseAbout this happening: Cisco released **security updates** for **Cisco Unified Communications Manager (Unified CM)** to fix **CVE-2026-20230**, a **critical** flaw that could let a remote attacker reach...
Cisco Catalyst SD-WAN authentication bypass flaw actively exploited (CVE-2026-20182)
Vulnerability
H score60
First: 14.05.2026 23:09
Last: 14.05.2026 23:09
Sources 1
About this happening:
**CVE-2026-20182** is an actively exploited **authentication bypass** in **Cisco Catalyst SD-WAN Controller** and **Cisco Catalyst SD-WAN Manager**, creating a path to **administr...
Cisco Catalyst SD-WAN authentication bypass flaw actively exploited (CVE-2026-20182)
VulnerabilityAbout this happening: **CVE-2026-20182** is an actively exploited **authentication bypass** in **Cisco Catalyst SD-WAN Controller** and **Cisco Catalyst SD-WAN Manager**, creating a path to **administr...
Latest development: 14.05.2026 23:25
Cisco released a patch for CVE-2026-20182, giving organizations using Cisco Catalyst SD-WAN Controllers a way to block the authentication bypass before UAT-8616 can continue using it for administrative access, SSH key insertion, NETCONF changes, and root escalation.
CISA KEV order for Copy Fail on federal Linux devices
Public Sector Action
H score33
First: 08.05.2026 10:45
Last: 08.05.2026 10:45
Sources 1
About this happening:
**CISA** added **Copy Fail** to the **Known Exploited Vulnerabilities (KEV) Catalog**, making the Linux flaw a federal remediation priority. The agency ordered **federal agencies*...
CISA KEV order for Copy Fail on federal Linux devices
Public Sector ActionAbout this happening: **CISA** added **Copy Fail** to the **Known Exploited Vulnerabilities (KEV) Catalog**, making the Linux flaw a federal remediation priority. The agency ordered **federal agencies*...
Cisco security patch release for CVE-2026-20188
Security Patch Release
H score35
First: 06.05.2026 21:06
Last: 06.05.2026 21:06
Sources 1
About this happening:
**Cisco** released security updates for **CVE-2026-20188**, a high-severity **DoS vulnerability** in **Crosswork Network Controller (CNC)** and **Network Services Orchestrator (NS...
Cisco security patch release for CVE-2026-20188
Security Patch ReleaseAbout this happening: **Cisco** released security updates for **CVE-2026-20188**, a high-severity **DoS vulnerability** in **Crosswork Network Controller (CNC)** and **Network Services Orchestrator (NS...
Timeline
-
26.06.2026 22:43 1 articles · 3h ago
Cisco releases patch for CVE-2026-20230 in Unified Communications Manager Server
Mitigation Patch UpdateCisco released a patch for CVE-2026-20230 in Cisco Unified Communications Manager Server on June 3 after marking the server-side request forgery flaw critical, warning that specially crafted HTTP requests could exploit it remotely without authentication.
Show sources
- CISA sets urgent deadline to fix Cisco flaw exploited in attacks — www.bleepingcomputer.com — 26.06.2026 22:43
-
26.06.2026 22:43 2 articles · 3h ago
CISA adds CVE-2026-20230 to KEV and orders federal agencies to patch by June 28
Legal Policy Action UpdateCISA added CVE-2026-20230 to its Known Exploited Vulnerabilities catalog and ordered federal agencies to patch Cisco Unified Communications Manager Server by Sunday, June 28 under BOD 26-04 after the flaw was identified as actively exploited and used to write arbitrary text files to affected endpoints.
Show sources
- CISA sets urgent deadline to fix Cisco flaw exploited in attacks — www.bleepingcomputer.com — 26.06.2026 22:43
- CISA sets urgent deadline to fix Cisco flaw exploited in attacks — www.bleepingcomputer.com — 26.06.2026 22:43