Critical Cisco Unified CM Bug Patched as Public Exploit Code Emerges

Cisco patched a critical Unified CM flaw with public PoC code that allows unauthenticated attackers to launch SSRF attacks remotely.
Cisco has addressed a high-severity vulnerability, tracked as CVE-2026-20230, affecting Unified CM and Unified CM SME. The flaw, caused by improper validation of certain HTTP requests, allows a remote attacker without authentication to perform server-side request forgery (SSRF) attacks. Cisco warns that public PoC code is available and that successful exploitation could allow attackers to write files that may later be used to gain root privileges.
“This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device,” reads the advisory. “A successful exploit could allow the attacker to write files to the underlying operating system that could be used later to elevate to root.”
Cisco rated this advisory as Critical instead of High because successful exploitation could allow an attacker to escalate privileges to root. However, the risk depends on configuration: the vulnerability can only be exploited if the WebDialer service is enabled, which is disabled by default on affected systems.
There is no full workaround for this vulnerability. The networking giant recommends mitigating risk by disabling the WebDialer service until a patch is applied. Administrators can do this through the Unified CM Administration interface by going to Unified Serviceability, opening Service Activation under Tools, and unchecking the WebDialer Web Service option in the CTI Services section before saving the changes.
Below are the fixed releases:
| Cisco Unified CM and Unified CM SME Release | First Fixed Release |
|---|---|
| 14 | 14SU6 |
| 15 | 15SU5 (Sep 2026) or COP1 |
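A small triage helper, added here as an illustration and not part of the article or Cisco's advisory, that turns the fixed-release table and the WebDialer condition above into a repeatable check an administrator can run against an inventory of Unified CM nodes. It assumes release labels in the "14SU6" / "15SU4" form used in the table (not full build strings), and models the COP1 option for release 15 as a flag; the inventory entries are constructed sample data.

```python
import re
from dataclasses import dataclass

# First fixed SU per major release, as listed in the advisory table:
# 14 -> 14SU6, 15 -> 15SU5 (or the COP1 file for release 15).
FIRST_FIXED_SU = {14: 6, 15: 5}

# Assumed label format: "<major>" or "<major>SU<n>", optional letter suffix
# (e.g. "14SU4a"). Full build strings such as "15.0.1.10000-32" are not parsed.
_RELEASE_RE = re.compile(r"^(?P<major>\d+)(?:SU(?P<su>\d+))?[a-z]?$", re.IGNORECASE)


@dataclass(frozen=True)
class Release:
    major: int
    su: int  # 0 when the label carries no SU suffix


def parse_release(label: str) -> Release:
    """Parse a short release label into (major, su); raise on anything else."""
    m = _RELEASE_RE.match(label.strip())
    if not m:
        raise ValueError(f"unrecognised release label: {label!r}")
    return Release(int(m.group("major")), int(m.group("su") or 0))


def is_fixed(label: str, cop1_applied: bool = False) -> bool:
    """True when the release meets the first-fixed threshold from the table.

    Release 15 also counts as fixed when COP1 has been applied. Majors that do
    not appear in the table are rejected rather than silently reported safe.
    """
    rel = parse_release(label)
    if rel.major not in FIRST_FIXED_SU:
        raise ValueError(f"release {rel.major} is not covered by the fixed-release table")
    if rel.major == 15 and cop1_applied:
        return True
    return rel.su >= FIRST_FIXED_SU[rel.major]


def assess(label: str, webdialer_enabled: bool, cop1_applied: bool = False) -> str:
    """Classify one node: 'fixed', 'mitigated' (WebDialer off) or 'exposed'.

    The ordering follows the advisory: a patched node is fixed regardless of
    WebDialer; an unpatched node is only exploitable while WebDialer is on.
    """
    if is_fixed(label, cop1_applied):
        return "fixed"
    return "mitigated" if not webdialer_enabled else "exposed"


def triage(inventory):
    """Return {hostname: verdict} for an iterable of (host, release, webdialer, cop1)."""
    return {host: assess(rel, wd, cop1) for host, rel, wd, cop1 in inventory}


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical hostnames and states).
    sample = [
        ("cucm-pub-01", "14SU6", True, False),
        ("cucm-sub-01", "14SU5", True, False),
        ("cucm-sub-02", "14SU5", False, False),
        ("cucm-sme-01", "15SU4", True, True),
    ]
    for host, verdict in triage(sample).items():
        print(f"{host}: {verdict}")
```

Nodes reported as "exposed" are the ones to patch first; "mitigated" nodes still need the fixed release, since disabling WebDialer is only the interim measure the advisory recommends.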
The company confirms that PoC exploit code for the vulnerability is publicly available. However, the PSIRT is not aware of attacks in the wild exploiting this issue.
“The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability described in this advisory,” concludes the advisory. “The Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory.”
(SecurityAffairs – hacking, Cisco)
