Cisco has released patches for a critical vulnerability (CVE-2026-20230) in its Unified Communications Manager that allows for potential server-side request forgery attacks, which could grant attackers root access. The flaw, which affects devices with the WebDialer service enabled, has a CVSS score of 8.6, and while proof-of-concept code exists, there have been no reported exploits.
Cisco has released patches for a high-severity vulnerability (CVE-2026-20230) in Unified Communications Manager, which could allow attackers to gain root privileges through server-side request forgery (SSRF) attacks. For cybersecurity professionals, it is crucial to ensure that these patches are promptly applied, especially on devices with the WebDialer service enabled. Additionally, awareness of the available proof-of-concept exploit code heightens the need for immediate action to mitigate potential risks.