Cisco Unified CM vulnerability exploited to gain root access via WebDialer (opens in new tab)

A high-severity vulnerability tracked as CVE-2026-20230 is currently being exploited in the wild against Cisco Unified Communications Manager (Unified CM) and Session Management Edition. The flaw resides in the WebDialer service and stems from improper input validation of specific HTTP requests. Attackers can leverage this weakness to conduct Server-Side Request Forgery (SSRF) attacks without requiring any prior authentication. <a href="