Cisco on Wednesday rolled out patches for a high-severity vulnerability in Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME), warning that proof-of-concept (PoC) code for it exists.
Tracked as CVE-2026-20230 (CVSS score of 8.6), the bug stems from input in specific HTTP requests not being properly validated, allowing attackers to mount server-side request forgery (SSRF) attacks.
“An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to write files to the underlying operating system that could be used later to elevate to root,” Cisco explains in its advisory.
According to the company, the security defect should be considered critical because it could provide attackers with root privileges on the affected device.
Cisco also notes that only appliances with the WebDialer service enabled are impacted. The service is disabled by default.
The company released Unified CM and Unified CM SME version 14SU6, which resolves the security flaw. Cisco also plans to include the patches in Unified CM and Unified CM SME version 15SU5, which is expected to arrive in September.
“The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability described in this advisory,” the company says, adding that the CVE does not appear to have been exploited in attacks.
On Wednesday, Cisco also rolled out fixes for two medium-severity vulnerabilities in Webex Meetings and Finesse, warning that unauthenticated, remote attackers could exploit them to conduct XSS attacks or load arbitrary files into active user sessions.
Both issues are rooted in the insufficient validation of user input and can be exploited by convincing a user to click a malicious link, leading to the execution of arbitrary script code.
Neither of the two security defects has been publicly disclosed or exploited in attacks, Cisco says. Additional information can be found on the company’s security advisories page.
Related: Organizations Warned of Exploited Linux Kernel Vulnerability
Related: Critical Vulnerability in HP VoIP Phones Enables Enterprise Network Breaches
Related: Oracle’s First Monthly Patches Resolve 77 Vulnerabilities
Related: Cisco Patches Critical Vulnerability in Secure Workload
