criticalCISA KEVCVE-2026-20230

Cisco Unified Communications Manager Server-Side Request Forgery (SSRF) Vulnerability

Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) contain a server-side request forgery (SSRF) Vulnerability that could allow an unauthenticated, remote attacker to write files to the underlying operating system that could be used later to elevate to root.

ProductUnified Communications Manager
CVSS8.6
EPSS0.41694
UpdatedJuly 9, 2026

Quick answer

Cisco Unified Communications Manager should be reviewed and updated if it matches the affected versions. The recommended fix is to apply the vendor-supported patched version or the mitigation steps below, then retest the public website with Fixnx.

Who is affected

Affected versions

  • Review vendor advisory for affected versions.

Fixed versions

  • Apply the latest vendor-supported patched version.

How to fix it

Cisco Unified Communications Manager and Unified CM SME are affected by an SSRF issue that can write files to the underlying operating system and support later privilege escalation. Apply the Cisco fixed software release, restrict access to Unified CM services, and inspect file-system and application logs for unauthorized writes.

  1. Inventory Unified CM and Unified CM SME clusters, nodes, versions, exposed services, and administrative access paths.
  2. Upgrade affected systems to the Cisco fixed release for CVE-2026-20230.
  3. Restrict Unified CM web, API, and administrative interfaces to trusted voice and admin networks.
  4. Review reverse proxy, firewall, and load balancer rules for unnecessary external access to Unified CM endpoints.
  5. Inspect application logs, OS logs, uploaded files, configuration files, and temporary directories for SSRF-driven file writes.
  6. Rotate Unified CM administrator, application user, AXL, SIP trunk, LDAP, and integration credentials if suspicious writes are found.
  7. Restore from trusted backups or rebuild nodes if unauthorized files or persistence are discovered.

Scan now. Google sign-in is only needed to unlock fix guidance.

Verify the fix

  • Confirm every Unified CM node reports a Cisco fixed version for CVE-2026-20230.
  • Validate affected endpoints and management interfaces are not exposed to untrusted networks.
  • Review Cisco logs for SSRF attempts, file-write artifacts, and unexpected privilege escalation activity.
  • Test call routing, registration, voicemail, and admin workflows after remediation.
  • Run a Fixnx scan and confirm no public Unified CM administration exposure remains.

Related categories

Trusted references

FAQ

What is affected by CVE-2026-20230?

Cisco Unified Communications Manager should be checked against the vendor advisory and trusted references linked on this page.

What should I fix first?

Start with internet-facing sites, admin panels, login flows, plugins, themes, modules, packages, and systems that process user-controlled input or sensitive data.

How do I confirm the fix worked?

Apply the patched version or mitigation, clear caches where relevant, retest the affected workflow, and run a new Fixnx scan to verify public website exposure signals.

Why can this risk appear in multiple categories?

A vulnerability can belong to more than one platform or ecosystem. Fixnx keeps one canonical risk page while also listing it in every relevant category.