
Cisco Unity Connection CVE-2026-20035

EUVD-2026-27848 | HIGH
Server-Side Request Forgery (SSRF) (CWE-918)
2026-05-06 | cisco | GHSA-w7jh-xmq5-2m7v
CVSS 3.1: 7.2

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Confidentiality: Low
Integrity: Low
Availability: None

Lifecycle Timeline

Analysis Generated: May 06, 2026 - 17:31 (vuln.today)

Description (NVD)

A vulnerability in the web UI of Cisco Unity Connection Web Inbox could allow an unauthenticated, remote attacker to conduct SSRF attacks through an affected device.

This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected device.

Analysis (AI)

Server-Side Request Forgery (SSRF) in Cisco Unity Connection Web Inbox allows remote unauthenticated attackers to send arbitrary network requests sourced from the vulnerable server. The vulnerability affects the web UI component and requires no authentication, privileges, or user interaction (CVSS AV:N/AC:L/PR:N/UI:N), enabling attackers to abuse the server's network position for internal network reconnaissance, service enumeration, or attacks against backend systems. …


Remediation (AI)

Within 24 hours: Identify and inventory all Cisco Unity Connection deployments and document their network position and connected backend systems. Within 7 days: Apply network segmentation to isolate Unity Connection Web Inbox from internal resources; implement egress filtering to restrict outbound connections from the server; monitor for suspicious outbound network activity. …
