Cisco Unified CM SSRF flaw exploited to drop webshells (CVE-2026-20230)
Attackers began actively exploiting a critical unauthenticated server-side request forgery flaw in Cisco Unified Communications Manager, tracked as CVE-2026-20230, using the WebDialer service to write files and drop JSP webshells on enterprise telephony servers.
- Victim
- Cisco Unified Communications Manager