Skip to main content

Cisco Unity Connection CVE-2026-20034

| EUVDEUVD-2026-27847 HIGH
Path Traversal: '.../...//' (CWE-35)
2026-05-06 cisco GHSA-wfvp-xw34-rhwq
8.8
CVSS 3.1 · Vendor: cisco
Share

Severity by source

Vendor (cisco) PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from Vendor (cisco) · only source for this CVE.

CVSS VectorVendor: cisco

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
Analysis Generated
May 06, 2026 - 17:32 vuln.today

DescriptionCVE.org

A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to execute arbitrary code on an affected device.

This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to execute arbitrary code as root, possibly resulting in the complete compromise of a targeted device. To exploit this vulnerability, the attacker must have valid user credentials on the affected device.

AnalysisAI

Remote code execution in Cisco Unity Connection allows authenticated remote attackers with low-privilege credentials to execute arbitrary code as root via crafted API requests to the web management interface. Successful exploitation enables complete device compromise. CVSS score of 8.8 reflects high impact across confidentiality, integrity, and availability, though exploitation requires valid user credentials (PR:L). No public exploit code or active exploitation confirmed at time of analysis. EPSS data not available in provided intelligence.

Technical ContextAI

Cisco Unity Connection is a unified messaging platform providing voicemail, email, and fax services for enterprise communications. The vulnerability resides in the web-based management interface's API request handling mechanism. According to CWE-35 (Path Traversal), the root cause involves improper validation of user-supplied input that likely includes path elements, allowing attackers to manipulate file system references or command execution contexts. The web interface processes API requests without adequately sanitizing input parameters, enabling injection of malicious payloads. The CVSS vector (AV:N/AC:L) indicates the vulnerable API endpoint is network-accessible with low attack complexity, requiring only basic HTTP request manipulation skills once authenticated.

RemediationAI

Apply the vendor-released patch per Cisco Security Advisory cisco-sa-unity-rce-ssrf-hENhuASy available at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-unity-rce-ssrf-hENhuASy, which specifies fixed software versions and upgrade procedures. Until patching is complete, implement compensating controls including restricting network access to the web management interface to trusted administrative networks or VPN-only access, enforcing multi-factor authentication for all Unity Connection user accounts to raise the credential compromise bar, conducting immediate audit of user accounts to disable unused or unnecessary credentials, and monitoring API request logs for unusual patterns such as requests containing path traversal characters (../, encoded variants) or unexpected command syntax. Note that restricting network access may impair legitimate remote administration workflows, requiring administrators to use VPN or jump hosts. Account lockout policies should be reviewed to balance security against operational availability for legitimate users.

Share

CVE-2026-20034 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy