Week 26 – Today’s offer: SSRF with root access

22 – 28 June 2026

In this week’s CVE of The Week, we’ll be looking at a newly exploited, high-severity server-side request forgery (SSRF) vulnerability in Cisco Unified Communications Manager (Unified CM) and Unified CM Session Management Edition (SME).

Tracked as CVE-2026-20230 (CVSS score: 8.6), the flaw is a case of improper input validation for specific HTTP requests that could allow an unauthenticated, remote attacker to conduct SSRF attacks through an affected device. A successful exploit could allow the attacker to write files to the underlying operating system, which could later be used to elevate privileges to root.

After the exploitation was disclosed, SSD Secure Disclosure published a technical write-up of the flaw explaining how the vulnerability works and sharing a proof-of-concept exploit. The researchers found that an unauthenticated attacker could exploit the WebDialer component by abusing its handling of user-supplied URLs. Specifically, by supplying file:// URIs instead of the expected http(s) URLs, an attacker could force the application to write arbitrary files to the operating system.

Exploitation requires the attacker to first determine the target system’s hostname, but the researchers also showed that this information can be obtained directly from the device prior to the attack. While current activity appears limited to reconnaissance, broader exploitation is likely now that the vulnerability has been fully disclosed, and more threat actors are expected to begin targeting these servers.

However, successful exploitation is only possible if the WebDialer service is enabled, and it is disabled by default. Administrators can verify its status in Cisco Unified Serviceability (reachable from the Navigation drop-down in the Cisco Unified CM Administration interface) by selecting Tools → Control Center – Feature Services and checking the status of Cisco WebDialer Web Service under the CTI Services section. If the service is marked as “Started”, WebDialer is enabled and the system may be at risk; if it is “Not Running”, the attack path is not available.
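The two checks above (is WebDialer running, and has anyone already sent it file:// URIs) are the ones a defender wants scripted. The Python below is an added example and is not code from Cisco, SSD Secure Disclosure or the proof-of-concept. It assumes two things that are not stated on this page: that the Unified CM CLI command utils service list prints one service per line in the form "Name [STATE]  note" (the sample output is constructed from memory of that format), and that the WebDialer servlet lives under /webdialer/ on the Tomcat web server. The access-log lines are constructed; the parameter name url is illustrative, not the real exploit parameter.

```python
"""Triage helpers for CVE-2026-20230 (Unified CM WebDialer SSRF / arbitrary file write).

Added example, not code from Cisco or the SSD write-up. Assumptions:
  - `utils service list` output format: "Service Name [STATE]  optional note" (assumed).
  - WebDialer servlet path prefix /webdialer/ (assumed).
"""
import re
from urllib.parse import parse_qsl, unquote, urlsplit

WEBDIALER_PATH_PREFIX = "/webdialer/"          # assumed servlet location
WEBDIALER_SERVICE = "Cisco WebDialer Web Service"

# Constructed sample of `utils service list` output (format assumed).
SAMPLE_SERVICE_LIST = """\
Requesting service status, please wait...
System SSH [STARTED]
Cisco Tomcat [STARTED]
Cisco CTIManager [STARTED]
Cisco WebDialer Web Service [STOPPED]  Service Not Activated
Cisco Extension Mobility [STARTED]
"""

_SERVICE_RE = re.compile(r"^(?P<name>.+?)\s*\[(?P<state>[A-Z ]+)\]\s*(?P<note>.*)$")


def parse_service_list(output: str) -> dict:
    """Map service name -> (state, note) from `utils service list` output."""
    services = {}
    for line in output.splitlines():
        m = _SERVICE_RE.match(line.strip())
        if m:
            services[m["name"].strip()] = (m["state"].strip(), m["note"].strip())
    return services


def webdialer_status(output: str) -> str:
    """'exposed' if WebDialer is STARTED, 'safe' if stopped/not activated,
    'unknown' if the service line is absent (check the node manually)."""
    entry = parse_service_list(output).get(WEBDIALER_SERVICE)
    if entry is None:
        return "unknown"
    return "exposed" if entry[0] == "STARTED" else "safe"


# Constructed access-log lines (combined log format). Paths/params are illustrative.
SAMPLE_LOG = """\
203.0.113.7 - - [24/Jun/2026:10:15:01 +0000] "GET /webdialer/Webdialer?destination=4001 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [24/Jun/2026:10:15:03 +0000] "GET /webdialer/Webdialer?url=file:///etc/hostname HTTP/1.1" 200 88 "-" "python-requests/2.31"
198.51.100.9 - - [24/Jun/2026:10:16:44 +0000] "GET /webdialer/Webdialer?url=file%3A%2F%2F%2Fusr%2Flocal%2Fthirdparty%2Fx.sh HTTP/1.1" 500 0 "-" "curl/8.4.0"
198.51.100.9 - - [24/Jun/2026:10:16:50 +0000] "POST /webdialer/Webdialer HTTP/1.1" 200 12 "-" "curl/8.4.0"
192.0.2.5 - - [24/Jun/2026:10:17:10 +0000] "GET /ccmadmin/showHome.do HTTP/1.1" 200 7421 "-" "Mozilla/5.0"
10.0.0.3 - - [24/Jun/2026:10:18:00 +0000] "GET /webdialer/Webdialer?url=%2566ile%253A%252F%252F%252Ftmp%252Fx HTTP/1.1" 200 10 "-" "curl/8.4.0"
"""

_LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
_FILE_SCHEME_RE = re.compile(r"\bfile\s*:", re.IGNORECASE)


def fully_decode(value: str, rounds: int = 3) -> str:
    """Undo repeated percent-encoding; attackers double-encode to dodge naive filters."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_webdialer_ssrf(log_text: str) -> list:
    """Return one finding per WebDialer request whose query smuggles a file: URI."""
    findings = []
    for line in log_text.splitlines():
        m = _LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m["target"])
        if not parts.path.lower().startswith(WEBDIALER_PATH_PREFIX):
            continue
        # parse_qsl decodes one layer; fully_decode strips any further layers.
        for param, raw in parse_qsl(parts.query, keep_blank_values=True):
            uri = fully_decode(raw)
            if _FILE_SCHEME_RE.search(uri):
                findings.append({"ts": m["ts"], "src": m["src"], "method": m["method"],
                                 "status": m["status"], "param": param, "uri": uri})
    return findings


if __name__ == "__main__":
    print("WebDialer service:", webdialer_status(SAMPLE_SERVICE_LIST))
    for hit in find_webdialer_ssrf(SAMPLE_LOG):
        print(f'{hit["ts"]} {hit["src"]} {hit["method"]} {hit["param"]}={hit["uri"]} ({hit["status"]})')
```

On the sample data the service check reports "safe" and the log scan flags three requests, including the double-encoded one that a simple grep for "file://" would miss. A POST with the payload in the body leaves nothing in the request line, so pair this with the Tomcat or WebDialer application logs rather than relying on access logs alone.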

The vulnerability has been patched in Unified CM and Unified CM SME versions 14SU6 and 15SU5. If immediate patching is not an option, it’s advised to disable the WebDialer service until a fix can be applied.

For additional information about the CVE, please visit:

https://ssd-disclosure.com/cisco-unified-communications-manager-arbitrary-file-write-to-rce/

https://cvefeed.io/vuln/detail/CVE-2026-20230

https://www.bleepingcomputer.com/news/security/cisco-unified-cm-sme-flaw-cve-2026-20230-now-exploited-in-attacks/

White Hat IT Security is a Europe-based Managed Security Services Provider (MSSP) and proud Microsoft Solution Partner. Its Microsoft-verified managed security solutions (MXDR) reflect its deep expertise and commitment to excellence in cybersecurity. The company was awarded the Partner of the Year Hungary Award by Microsoft in 2024 and 2025.

With the largest incident response capacity in the CEE region, they’re trusted by organizations to deliver fast, effective, and proactive protection. Their portfolio includes penetration testing, vulnerability assessments, managed Cyber Threat Intelligence, as well as Governance, Risk and Compliance (GRC) consulting and specialized security training.

They are committed to supporting professional initiatives that aim to raise cybersecurity awareness and maturity—both for individuals and organizations. They regularly contribute to the community through knowledge sharing, education, and outreach, helping to build a safer digital future for all.