Cisco has patched a server-side request forgery (SSRF) vulnerability in Unified Communications Manager (Unified CM) that allows an unauthenticated network attacker to write arbitrary files to the system and escalate privileges to root. The flaw is tracked as CVE-2026-20230 and public proof-of-concept exploit code is already available, significantly lowering the barrier to exploitation. Cisco’s PSIRT has not confirmed active exploitation in the wild, but the availability of working PoC code makes patching urgent.

Architect’s Take: Apply Cisco’s patch immediately and treat any internet- or untrusted-network-exposed Unified CM instances as highest priority. As an interim control, restrict network access to Unified CM admin interfaces to trusted management VLANs only, and review ingress firewall rules to limit the blast radius while patching is under way.

Original advisory: Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public

CVE-2020-8561 is a vulnerability in the Kubernetes API server (kube-apiserver) that allows an attacker to redirect webhook traffic, potentially enabling server-side request forgery (SSRF) against internal network resources. By manipulating admission webhook configurations, a malicious actor could cause the API server to make requests to arbitrary internal endpoints, bypassing network controls. This affects Azure Kubernetes Service (AKS) and any Kubernetes environment where untrusted users can modify webhook configurations.

Architect’s Take: Review and restrict who has permission to create or modify ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects in your Kubernetes clusters — limit this to highly trusted administrators only. Audit existing webhook configurations for unexpected or suspicious target URLs, and consider network policies that restrict where the kube-apiserver can make outbound connections.

Original advisory: CVE-2020-8561 Webhook redirect in kube-apiserver