Feeds.4Sysops
Critical SSRF Vulnerability in Cisco Unified CM Exploited for Root Access
A critical vulnerability, CVE-2026-20230, has been identified in Cisco Unified Communications Manager (Unified CM) and Session Management Edition (SME). It allows a remote, unauthenticated attacker to perform Server-Side Request Forgery (SSRF) attacks. The flaw stems from improper input validation in the WebDialer service; by abusing it, an attacker can write files to the underlying operating system and potentially escalate to root. Cisco has warned customers that the vulnerability is being exploited in the wild. It was disclosed on June 3, 2026, and the first proof of concept appeared shortly afterward, on June 5. Because exploitation requires no prior authentication, the flaw poses a significant risk to organizations running affected Cisco products, and immediate action is advised to mitigate potential impact.
Key Points:
• CVE-2026-20230 allows SSRF attacks on Cisco Unified CM and SME without authentication.
• Attackers can exploit the vulnerability to gain root access to the underlying OS.
• Cisco has confirmed active exploitation of this critical flaw in the wild.
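The advisory summary attributes the SSRF to improper input validation of a caller-supplied target. As an added illustration (not Cisco code and not the WebDialer implementation, whose internals the article does not describe), the Python below contrasts an outbound-request feature that trusts whatever URL it is handed with an allowlist-plus-address-check guard of the kind that closes this class of bug. The host names, ports and static DNS table are constructed for the example.

```python
"""Allowlist-based SSRF guard for an outbound-request feature.

Added illustration, not Cisco code. Host names, ports and the DNS table are
constructed so the example runs offline.
"""
import ipaddress
from urllib.parse import urlsplit

# Constructed allowlist: the only peers this feature may ever contact.
ALLOWED_HOSTS = {"cucm-pub.corp.example", "cucm-sub1.corp.example",
                 "voice-gw.corp.example"}
ALLOWED_PORTS = {443, 8443}

# Constructed static DNS table. In production use socket.getaddrinfo() and
# connect to the address you checked (not the name) so a record cannot be
# rebound between the check and the request.
STATIC_DNS = {
    "cucm-pub.corp.example": ["10.20.30.5"],
    "cucm-sub1.corp.example": ["10.20.30.6"],
    # Simulates a poisoned/rebound record for an otherwise allowlisted name.
    "voice-gw.corp.example": ["127.0.0.1"],
}


def resolve(hostname):
    """Return addresses for a name; IP literals resolve to themselves."""
    try:
        return [str(ipaddress.ip_address(hostname))]
    except ValueError:
        return STATIC_DNS.get(hostname, [])


def unsafe_target(url):
    """The 'before' shape: takes host and port straight from user input."""
    p = urlsplit(url)
    return p.hostname, p.port or 80


def address_is_forbidden(addr):
    """Refuse addresses an SSRF typically pivots to.

    RFC 1918 space is deliberately allowed here because the legitimate peers
    are internal cluster nodes; add ip.is_private if your feature only needs
    to reach external systems.
    """
    ip = ipaddress.ip_address(addr)
    return (ip.is_loopback or ip.is_link_local or ip.is_multicast
            or ip.is_unspecified or ip.is_reserved)


def safe_target(url):
    """Return (host, port, address) when every check passes, else None."""
    try:
        p = urlsplit(url)
    except ValueError:
        return None
    if p.scheme not in ("http", "https"):
        return None                      # file://, gopher://, dict:// ...
    if p.username is not None or p.password is not None:
        return None                      # http://allowed-host@evil tricks
    host = p.hostname
    if host is None:
        return None
    host = host.lower().rstrip(".")      # normalise before the allowlist check
    try:
        port = p.port or (443 if p.scheme == "https" else 80)
    except ValueError:
        return None                      # non-numeric or out-of-range port
    if host not in ALLOWED_HOSTS or port not in ALLOWED_PORTS:
        return None
    addrs = resolve(host)
    if not addrs or any(address_is_forbidden(a) for a in addrs):
        return None
    return host, port, addrs[0]


if __name__ == "__main__":
    for candidate in (
        "https://cucm-sub1.corp.example:8443/",
        "https://cucm-pub.corp.example@169.254.169.254/",
        "https://127.0.0.1:8443/",
        "https://voice-gw.corp.example/",
        "file:///etc/passwd",
    ):
        print(f"{candidate!r:55} unsafe={unsafe_target(candidate)} "
              f"safe={safe_target(candidate)}")
```

The userinfo check matters more than it looks: `unsafe_target` reads the host of `https://cucm-pub.corp.example@169.254.169.254/` as the link-local metadata address, while a substring match on the allowlisted name would have passed it. Resolving once and connecting to the checked address is what turns the address check into a real control rather than a race against DNS.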