A serious server-side request forgery (SSRF) flaw in Cisco Unified Communications Manager Server, tracked as CVE-2026-20230, is now being exploited in attacks. Cisco released security updates for CVE-2026-20230 on June 3, warning that attackers could gain full control of the device.
“A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct server-side request forgery (SSRF) attacks through an affected device,” warned Cisco.
The flaw was disclosed to Cisco by SSD Secure, who did not share any technical details at the time. Threat intelligence firm Defused has now warned that the flaw is being actively exploited in attacks.
“Over the weekend we observed exploitation of CVE-2026-20230 – Cisco Unified CM (CUCM) WebDialer SSRF → root file-write (CVSS 8.6) No previously recorded exploitation, and not yet listed in CISA KEV,” Defused warned on X.
Defused says the attacks come from one IP address and use crafted file:// URLs to create files on the device.
[Image: Cisco CVE-2026-20230 exploit on honeypots. Source: Defused]
The flaw can be used in attacks to place webshells and get root access, but the example seen by Defused appears designed to identify vulnerable devices by attempting to write a text file named ‘/tmp/cve-2026-20230-test.txt’ on them.
After the flaw was disclosed, SSD Secure published a technical write-up explaining how the vulnerability works, including a proof-of-concept exploit.
The researchers found that an unauthenticated attacker could abuse the way the WebDialer feature handles user-supplied URLs, causing the application to write arbitrary files to the system using file:// URLs.
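For defenders reviewing web logs, the sketch below flags requests that carry a file:// URL, including percent-encoded and double-encoded forms, and marks those that target the probe file reported by Defused. It is an added example, not code from Cisco, Defused or SSD Secure; the log format, the `/EXAMPLE-PATH` endpoint, the `u` parameter and the sample lines are constructed assumptions, and it only sees URLs that appear in the logged request line.

```python
import re
from urllib.parse import unquote, urlsplit

# Marker file path reported by Defused for the observed probe (from the article).
PROBE_MARKER = "/tmp/cve-2026-20230-test.txt"
FILE_URI = re.compile(r"file:/+[^\s\"'&<>]*", re.IGNORECASE)
# Assumed log layout: client IP first, request line in the first quoted field.
LINE = re.compile(r'^(\S+) .*?"(?:GET|POST|PUT) (\S+) HTTP/[\d.]+"')

# Constructed sample lines; endpoint and parameter name are placeholders.
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2026:00:00:01 +0000] "GET /EXAMPLE-PATH?u='
    'file%3A%2F%2F%2Ftmp%2Fcve-2026-20230-test.txt HTTP/1.1" 200 12',
    '192.0.2.10 - - [01/Jan/2026:00:00:02 +0000] "GET /EXAMPLE-PATH?u='
    'file%253A%252F%252F%252Ftmp%252Fconstructed-other.txt HTTP/1.1" 200 12',
    '198.51.100.7 - - [01/Jan/2026:00:00:03 +0000] "GET /EXAMPLE-PATH?u='
    'https%3A%2F%2Fexample.com%2F HTTP/1.1" 200 12',
]

def fully_decode(value, max_rounds=5):
    """Undo nested percent-encoding so file%253A%252F%252F is still caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan(lines):
    """Return one finding per request whose target carries a file:// URL."""
    findings = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a request line in the assumed layout
        client, target = m.groups()
        hit = FILE_URI.search(fully_decode(target))
        if hit:
            path = urlsplit(hit.group(0)).path
            findings.append({"client": client, "path": path,
                             "known_probe": path == PROBE_MARKER})
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A hit with `known_probe` set matches the scanning activity described above; any other file:// target warrants checking the device for the written file.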