Multiple reports say threat actors are exploiting a critical vulnerability affecting Cisco Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME). The issue is tracked as CVE-2026-20230, described as a high-severity server-side issue involving improper handling of specific HTTP requests. The Hacker News reports that a proof of concept (PoC) demonstrated a file-write path that could lead to root-level compromise. Bleeping Computer characterizes the flaw as an SSRF (server-side request forgery) vulnerability in Cisco Unified Communications Manager Server and states that it is now being actively exploited in attacks.
Across the sources, the core points are that the vulnerability is remotely reachable over HTTP, requires no authentication, and can be used to manipulate the target in a way that escalates impact to severe system compromise. Both outlets link increased real-world activity to public PoC/disclosure information, indicating that attackers move quickly once workable exploitation details become available.
