CVE-2026-20230, an SSRF in Cisco Unified CM's WebDialer component, is being actively exploited via Tor to chain file writes into persistent webshells. Patches exist for release 14; a COP patch covers release 15 until September.

Cisco Unified CM SSRF Flaw Is Being Exploited to Drop Webshells on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.

Rebecca Sutton

Source: LatestHackingNews
Source Link: https://latesthackingnews.com/2026/06/25/cisco-unified-cm-ssrf-exploited/