A Critical Vulnerability in Cisco’s Unified Communications Manager is Being Actively Exploited by Attackers
A major cybersecurity vulnerability has been confirmed to be actively exploited by attackers, putting thousands of businesses and organizations at risk. Cisco Systems, a leading provider of networking equipment and software, has finally acknowledged that a flaw in its Unified Communications Manager (Unified CM) is being targeted by malicious actors.
The vulnerability, identified as CVE-2026-20230, affects Unified CM, the central control system for Cisco’s IP telephony systems, which handles call routing, device management, and telephony features. Attackers can exploit this weakness remotely through low-complexity server-side request forgery (SSRF) attacks by sending a specially crafted HTTP request.
Cisco patched this issue in early June, but at the time, the company was unsure whether it had been actively exploited. However, within weeks of releasing the patches, threat intelligence firms Defused and SSD Secure revealed that attackers were indeed using this vulnerability to create files on targeted devices. Now, Cisco has confirmed that proof-of-concept exploit code is available for CVE-2026-20230 and that its Product Security Incident Response Team (PSIRT) is aware of active exploitation.
The impact of this vulnerability is significant, as it can allow attackers to gain unauthorized access to sensitive systems and potentially steal or manipulate data. The fact that over 200 Cisco Unified CM instances are exposed online, mostly in Asia and North America, only adds to the concern. While some organizations may have already patched their systems against CVE-2026-20230, many others remain vulnerable.
This is not an isolated incident; in recent years, Cisco has patched several other vulnerabilities in its Unified CM software that have been actively exploited by attackers. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has also flagged 93 Cisco vulnerabilities as actively exploited since November 2021, including six used in ransomware attacks.
To mitigate this risk, Cisco is urging customers to upgrade to a fixed software release or, if that’s not possible, disable the vulnerable WebDialer service. While these measures can provide temporary protection, they are no substitute for a thorough patching and security review of all systems.
The takeaway from this incident is clear: cybersecurity threats are constantly evolving, and even seemingly minor vulnerabilities can have significant consequences when exploited by skilled attackers. As such, it’s essential to prioritize regular security updates, testing, and monitoring to stay ahead of potential threats.
Source: Bleeping Computer — 2026-07-02