Cisco Unified CM Vulnerability CVE-2026-20230 Actively Exploited

Cisco has warned that CVE-2026-20230, a server-side request forgery (SSRF) vulnerability in its Unified Communications Manager (Unified CM) server, is now under active exploitation. The flaw, rated high severity, could allow an unauthenticated, remote attacker to send arbitrary HTTP requests from the vulnerable device, potentially leading to further network compromise.

The vulnerability affects Cisco Unified Communications Manager Server, a key platform for enterprise voice and messaging services. Exploitation does not require authentication, making it particularly dangerous for organizations that have not applied available security updates. The CVSS score has not been disclosed in available reports.

Active exploitation means adversaries are already targeting the flaw in real-world environments. Attackers can leverage the SSRF weakness to probe internal networks, access restricted services, or harvest credentials, bypassing perimeter defenses. Organizations using affected Cisco Unified CM versions should treat this as an urgent threat.

Cisco has released security patches to address CVE-2026-20230. Administrators are advised to apply fixes immediately and review their deployments for signs of compromise. No workarounds have been publicized, underscoring the need for prompt patching.

Attribution for the attacks has not been reported. This incident joins a growing list of pre-authentication flaws in enterprise collaboration software, highlighting the importance of rapid patch management in securing communication infrastructure.