Attackers are actively exploiting a high-severity vulnerability in Cisco’s Unified Communications Manager (Unified CM). The flaw, identified as CVE-2026-20230, carries a CVSS score of 8.6.

Remote attackers can use the vulnerability to conduct server-side request forgery and write arbitrary files. Successful exploitation allows unauthenticated users to gain root-level privileges on affected systems.

Threat intelligence firm Defused observed the first recorded exploitation over the weekend of June 20-21, 2026. Cisco released patches for the flaw on June 3, 2026, after acknowledging the availability of proof-of-concept exploit code. The company urges customers to upgrade immediately, as no workarounds exist.