
Cisco patches critical Unified CM flaw that could grant root access via SSRF
Cisco released security updates for a critical flaw in Unified CM (CVE-2026-20230) that can be exploited remotely through SSRF to write files and escalate to root. A public PoC exists, but there is no evidence of active exploitation yet. The vulnerability affects only systems with WebDialer enabled, and WebDialer is disabled by default. Admins are urged to upgrade to 14SU6 or 15SU5, or to disable WebDialer as a temporary measure until patches are applied.