Critical Exploitation of Cisco CM and Samsung KNOX Vulnerabilities

First seen 23 Jun 2026, 23:47 UTC. Sources: Cybersecuritynews, Securityaffairs.Co, Buttondown, Scworld. 83% similarity, 86.0

Active exploitation of two critical vulnerabilities has been reported: CVE-2026-20230 in Cisco Unified CM and CVE-2026-20971 in Samsung KNOX. The Cisco flaw, a server-side request forgery (SSRF), poses an immediate threat to organizations using the Unified Communications Manager Server. Meanwhile, the Samsung KNOX flaw, an eight-year-old use-after-free vulnerability, affects millions of Galaxy devices, allowing potential kernel-level attacks. Both vulnerabilities have been linked to significant risks, including data breaches and device takeovers. The Cisco vulnerability was published on June 3, 2026, while Samsung's flaw was patched in January 2026. Organizations are urged to apply necessary patches and monitor for indicators of compromise (IOCs) related to these vulnerabilities. The threat landscape remains critical with ongoing AI supply chain threats and other data breaches reported.

Key Points:
• CVE-2026-20230 in Cisco Unified CM is actively exploited, posing immediate risks.
• CVE-2026-20971 in Samsung KNOX affects millions of devices, allowing kernel attacks.
• Organizations must apply patches and monitor for IOCs related to these vulnerabilities.

ThreatCluster AI

Timeline

2026-01-09: CVE-2026-20971 published
Samsung disclosed a critical use-after-free vulnerability in KNOX affecting Galaxy devices.
Source: Scworld

2026-06-03: CVE-2026-20230 published
Cisco disclosed a high-severity SSRF vulnerability in Unified CM, impacting server security.
Source: Buttondown

2026-06-05: First public PoC for CVE-2026-20230
Proof of concept for the Cisco vulnerability was released, increasing exploitation risk.
Source: Buttondown

Recent: Ongoing exploitation reported
Active exploitation of both Cisco and Samsung vulnerabilities has been confirmed, affecting numerous organizations.
Source: Buttondown
