Cisco has patched a server-side request forgery (SSRF) vulnerability in Unified Communications Manager (Unified CM) that allows an unauthenticated network attacker to write arbitrary files to the system and escalate privileges to root. The flaw is tracked as CVE-2026-20230 and public proof-of-concept exploit code is already available, significantly lowering the barrier to exploitation. Cisco’s PSIRT has not confirmed active exploitation in the wild, but the availability of working PoC code makes patching urgent.

Architect’s Take: Apply Cisco’s patch immediately and treat any internet- or untrusted-network-exposed Unified CM instances as highest priority. As an interim control, restrict network access to Unified CM admin interfaces to trusted management VLANs only, and review ingress firewall rules to limit the blast radius while patching is under way.

Original advisory: Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public