{"vulnerability": "CVE-2026-20230", "sightings": [{"uuid": "4746fb81-de25-4866-aebb-56388ebab167", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://cyber.gc.ca/en/alerts-advisories/cisco-security-advisory-av26-547", "content": "", "creation_timestamp": "2026-06-03T12:22:10.000000Z"}, {"uuid": "e3e69360-49ae-4d61-b7db-d3be7fd7e917", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/hugovalters.bsky.social/post/3mng7rwuf3i2c", "content": "CVE-2026-20230 - SSRF in Cisco Unified CM & Unified CM SME. Improper HTTP input validation. CVSS 8.6. Unpatched. No workaround available. Monitor for updates. #CVE #Cisco #infosec\n\nhttps://www.valtersit.com/cve/CVE-2026-20230/", "creation_timestamp": "2026-06-03T23:03:34.158889Z"}, {"uuid": "6002d201-cbc9-4587-9ccb-3ff2dcd8fb8e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/infosecbriefly.bsky.social/post/3mnhan2l7ls2n", "content": "Cisco released patches for CVE-2026-20230 in Unified CM and Unified CM SME, where improper HTTP input validation enables SSRF and potential root escalation.\n", "creation_timestamp": "2026-06-04T08:51:23.804102Z"}, {"uuid": "5e7617eb-cac8-4548-b6ee-275c0488d685", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mnhb5genbz23", "content": "Cisco Unified CM & SME face a CRITICAL SSRF flaw (CVE-2026-20230). Only systems with WebDialer enabled are at risk. Patch to 14SU6 ASAP \u2014 PoC is public, no live attacks yet. https://radar.offseq.com/threat/cisco-warns-of-available-poc-for-critical-unified--c947124b #OffSeq #Cisco #SecurityAlert", "creation_timestamp": "2026-06-04T09:00:33.661242Z"}, {"uuid": "2de60f3c-c759-4a27-9ade-b5b5ed15a650", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116691018083283672", "content": "\u26a0\ufe0f CRITICAL: Cisco Unified CM/SME hit by SSRF vuln (CVE-2026-20230). Unauthenticated remote attackers can write files & escalate to root if WebDialer is enabled. Patch to 14SU6 ASAP. PoC out, no active exploitation. https://radar.offseq.com/threat/cisco-warns-of-available-poc-for-critical-unified--c947124b #OffSeq #Cisco #SSRF #Vuln", "creation_timestamp": "2026-06-04T09:00:43.736581Z"}, {"uuid": "e66c0d24-d6df-4caf-9398-17f1beb4aa98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3mnhfdb677x2l", "content": "Cisco patched CVE-2026-20230 in Unified CM and Unified CM SME after PoC code surfaced. The flaw could enable SSRF via crafted HTTP requests and may lead to root access on affected systems. #Cisco #UnifiedCM #CVE202620230", "creation_timestamp": "2026-06-04T10:15:23.706928Z"}, {"uuid": "029b88fa-a1ea-474a-b464-0596bf10c059", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=1899", "content": "", "creation_timestamp": "2026-06-03T21:00:00.000000Z"}, {"uuid": "74677dba-4642-42c5-8708-e0b18e9c3fda", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://www.acn.gov.it/portale/w/cisco-cucm-disponibile-poc-per-lo-sfruttamento-di-vulnerabilita", "content": "Disponibile un Proof of Concept (PoC) per la CVE-2026-20230 \u2013 gi\u00e0 sanata dal vendor \u2013 presente in Cisco Unified Communications Manager (CUCM) e Cisco Unified CM Session Management Edition (CUCM SME), note soluzioni Cisco per la gestione delle comunicazioni VoIP aziendali. Tale vulnerabilit\u00e0, qualora sfruttata, potrebbe consentire ad un utente malintenzionato di scrivere file arbitrari sul filesystem dei sistemi interessati", "creation_timestamp": "2026-06-04T07:04:00.000000Z"}, {"uuid": "66b30a01-b4f7-4e6a-b475-cb8737b93c39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/undercodenews.bsky.social/post/3mnhg43zcy32h", "content": "CVE-2026-20230: Critical Cisco Unified CM SSRF Flaw Exposes Enterprises to Root-Level Takeover via Public Exploit Code +\u00a0Video\n\nBreaking Security Reality: A Hidden Door Inside Enterprise Voice Infrastructure A newly disclosed vulnerability in Cisco Unified Communications Manager (Unified CM) has\u2026", "creation_timestamp": "2026-06-04T10:29:17.638797Z"}, {"uuid": "24fbf84e-df9d-4cd2-a351-9f90749b2eb5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20230", "type": "seen", "source": "https://bsky.app/profile/deafnews-auto.bsky.social/post/3mnhicayvz62k", "content": "CVE-2026-20230: Public PoC for Cisco Unified CM Vulnerability Risks Remote Root Access", "creation_timestamp": "2026-06-04T11:08:31.175249Z"}]}