Cisco Unified Communications Vulnerability Actively Exploited by Hackers

A critical security flaw in Cisco's Unified Communications platforms, identified as CVE-2026-20230, is being actively exploited by hackers. The vulnerability affects Cisco Unified Communications Manager (Unified CM) and Unified CM Session Management Edition (Unified CM SME) due to improper validation of HTTP requests. This flaw allows unauthenticated attackers to conduct server-side request forgery (SSRF) attacks, potentially leading to privilege escalation and root access. Cisco rated the vulnerability with a severity score of 8.6 out of 10 and released patches on June 3, 2026. Following the disclosure, threat intelligence firm Defused Cyber reported active exploitation attempts, with attackers using crafted file:// requests to test vulnerable systems. The WebDialer service must be enabled for exploitation, but it is disabled by default in many deployments. Organizations are advised to disable the WebDialer service until patches can be applied. Cisco has not yet updated its advisory to reflect the active exploitation status.

Key Points: • CVE-2026-20230 is a critical vulnerability in Cisco Unified CM and SME. • Active exploitation is confirmed, with attackers using crafted HTTP requests. • Organizations should disable the WebDialer service until patches are applied.