Back

Cisco Addresses High-Severity Code Injection and SSRF Vulnerabilities

Severity: High (Score: 72.0)

Sources: Heise.De, Securityaffairs.Co, sec.cloudapps.cisco.com

Summary

Cisco has released patches for multiple high-severity vulnerabilities affecting its products, particularly in Unity Connection. Two critical flaws, CVE-2026-20034 and CVE-2026-20035, allow authenticated attackers to execute malicious code and unauthenticated actors to perform server-side request forgery (SSRF) attacks. Additionally, vulnerabilities in Cisco's SG350 and SG350X series switches can lead to Denial-of-Service attacks. The flaws could enable significant disruptions or unauthorized access to sensitive systems. Cisco's advisory emphasizes the urgency of applying the patches to mitigate potential exploitation. The vulnerabilities were disclosed on May 7, 2026, coinciding with the release of security advisories. Organizations using affected Cisco products are advised to update their systems immediately. Key Points: • Cisco patched critical vulnerabilities in Unity Connection allowing code execution and SSRF. • CVE-2026-20034 and CVE-2026-20035 are the most severe flaws identified. • Affected systems include Unity Connection and SG350/SG350X series switches.

Key Entities

  • DDoS (attack_type)
  • Denial-of-Service (attack_type)
  • Cwe-918 - Server-Side Request Forgery (ssrf) (cwe)
  • CWE-94 - Code Injection (cwe)
  • T1059 - Command and Scripting Interpreter (mitre_attack)
  • Cisco Unity Connection (platform)
  • Cisco Unity Connection Web Inbox (platform)
  • Identity Services Engine (platform)
  • IoT Field Network Director (platform)
  • Sg350 (platform)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed