Unified CM

Threat actors are exploiting CVE-2026-20230 in Cisco Unified CM and Unified CM SME, a critical flaw that can enable server-side request forgery and file writes. Cisco has patched affected versions, and WebDialer must be enabled for abuse.