GitHub PoC

• HORKimhab/CVE-2026-20230 • ⭐ 1 • 2026-06-05 • Conf: 85.0%
• CVE-2026-20230 - Cisco Unified CM
• HalilDeniz/CVE-2026-20230-Scanner • ⭐ 0 • 2026-06-12 • Conf: 90.0%
• Cisco Unified Communications Manager (Unified CM) deployments affected by CVE-2026-20230.

FIRST EPSS

EPSS estimates the probability of exploitation in the next 30 days. Higher values indicate higher likelihood of real-world exploitation.

MITRE

CVSS

• Score: 8.6
• Severity: HIGH
• Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

SSVC

• Exploitation: active
• Automatable: no
• Technical Impact: total

References

• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-ssrf-cXPnHcW

Show Raw Data

Key	Remaining Key	Value
dataType		CVE_RECORD
dataVersion		5.2
cveMetadata >	cveId	CVE-2026-20230
cveMetadata >	assignerOrgId	d1c1063e-7a18-46af-9102-31f8928bc633
cveMetadata >	state	PUBLISHED
cveMetadata >	assignerShortName	cisco
cveMetadata >	dateReserved	2025-10-08T11:59:15.399Z
cveMetadata >	datePublished	2026-06-03T16:09:45.961Z
cveMetadata >	dateUpdated	2026-06-25T20:27:03.747Z
containers >	cna > providerMetadata > orgId	d1c1063e-7a18-46af-9102-31f8928bc633
containers >	cna > providerMetadata > shortName	cisco
containers >	cna > providerMetadata > dateUpdated	2026-06-03T16:09:45.961Z
containers >	cna > descriptions > 0 > lang	en
containers >	cna > descriptions > 0 > value	A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct server-side request forgery (SSRF) attacks through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to write files to the underlying operating system that could be used later to elevate to root. Note: Cisco has assigned this security advisory a Security Impact Rating (SIR) of Critical rather than High as the score indicates. The reason is that exploitation of this vulnerability could result in an attacker elevating privileges to root. Note: To exploit this vulnerability, the WebDialer service must be enabled. WebDialer is disabled by default.
containers >	cna > affected > 0 > vendor	Cisco
containers >	cna > affected > 0 > product	Cisco Unified Communications Manager
containers >	cna > affected > 0 > versions > 0 > version	N/A
containers >	cna > affected > 0 > versions > 0 > status	affected
containers >	cna > problemTypes > 0 > descriptions > 0 > lang	en
containers >	cna > problemTypes > 0 > descriptions > 0 > description	Server-Side Request Forgery (SSRF)
containers >	cna > problemTypes > 0 > descriptions > 0 > type	cwe
containers >	cna > problemTypes > 0 > descriptions > 0 > cweId	CWE-918
containers >	cna > references > 0 > url	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-ssrf-cXPnHcW
containers >	cna > references > 0 > name	cisco-sa-cucm-ssrf-cXPnHcW
containers >	cna > metrics > 0 > format	cvssV3_1
containers >	cna > metrics > 0 > cvssV3_1 > version	3.1
containers >	cna > metrics > 0 > cvssV3_1 > vectorString	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
containers >	cna > metrics > 0 > cvssV3_1 > baseScore	8.6
containers >	cna > metrics > 0 > cvssV3_1 > baseSeverity	HIGH
containers >	cna > metrics > 0 > cvssV3_1 > attackVector	NETWORK
containers >	cna > metrics > 0 > cvssV3_1 > attackComplexity	LOW
containers >	cna > metrics > 0 > cvssV3_1 > privilegesRequired	NONE
containers >	cna > metrics > 0 > cvssV3_1 > userInteraction	NONE
containers >	cna > metrics > 0 > cvssV3_1 > scope	CHANGED
containers >	cna > metrics > 0 > cvssV3_1 > confidentialityImpact	NONE
containers >	cna > metrics > 0 > cvssV3_1 > integrityImpact	HIGH
containers >	cna > metrics > 0 > cvssV3_1 > availabilityImpact	NONE
containers >	cna > exploits > 0 > lang	en
containers >	cna > exploits > 0 > value	The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability described in this advisory. The Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory.
containers >	cna > source > advisory	cisco-sa-cucm-ssrf-cXPnHcW
containers >	cna > source > discovery	EXTERNAL
containers >	cna > source > defects > 0	CSCws67331
containers >	adp > 0 > metrics > 0 > other > type	ssvc
containers >	adp > 0 > metrics > 0 > other > content > id	CVE-2026-20230
containers >	adp > 0 > metrics > 0 > other > content > role	CISA Coordinator
containers >	adp > 0 > metrics > 0 > other > content > options > 0 > Exploitation	active
containers >	adp > 0 > metrics > 0 > other > content > options > 1 > Automatable	no
containers >	adp > 0 > metrics > 0 > other > content > options > 2 > Technical Impact	total
containers >	adp > 0 > metrics > 0 > other > content > version	2.0.3
containers >	adp > 0 > metrics > 0 > other > content > timestamp	2026-06-25T19:50:08.910362Z
containers >	adp > 0 > references > 0 > url	https://denizhalil.com/2026/06/12/cve-2026-20230-cisco-unified-cm-ssrf/
containers >	adp > 0 > references > 0 > tags > 0	exploit
containers >	adp > 0 > references > 1 > url	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20230
containers >	adp > 0 > references > 1 > tags > 0	government-resource
containers >	adp > 0 > title	CISA ADP Vulnrichment
containers >	adp > 0 > providerMetadata > orgId	134c704f-9b21-4f2e-91b3-4a467353bcc0
containers >	adp > 0 > providerMetadata > shortName	CISA-ADP
containers >	adp > 0 > providerMetadata > dateUpdated	2026-06-25T20:27:03.747Z