Skip to main content

Cisco Unity Connection

2 CVEs product

Monthly

CVE-2026-20034 HIGH This Week

Remote code execution in Cisco Unity Connection allows authenticated remote attackers with low-privilege credentials to execute arbitrary code as root via crafted API requests to the web management interface. Successful exploitation enables complete device compromise. CVSS score of 8.8 reflects high impact across confidentiality, integrity, and availability, though exploitation requires valid user credentials (PR:L). No public exploit code or active exploitation confirmed at time of analysis. EPSS data not available in provided intelligence.

RCE Cisco Cisco Unity Connection
NVD VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-20035 HIGH This Week

Server-Side Request Forgery (SSRF) in Cisco Unity Connection Web Inbox allows remote unauthenticated attackers to send arbitrary network requests sourced from the vulnerable server. The vulnerability affects the web UI component and requires no authentication, privileges, or user interaction (CVSS AV:N/AC:L/PR:N/UI:N), enabling attackers to abuse the server's network position for internal network reconnaissance, service enumeration, or attacks against backend systems. The changed scope (S:C) indicates impact extends beyond the vulnerable component to other network resources accessible from the Unity Connection server.

SSRF Cisco Cisco Unity Connection
NVD
CVSS 3.1
7.2
EPSS
0.0%
EPSS 0% CVSS 8.8
HIGH This Week

Remote code execution in Cisco Unity Connection allows authenticated remote attackers with low-privilege credentials to execute arbitrary code as root via crafted API requests to the web management interface. Successful exploitation enables complete device compromise. CVSS score of 8.8 reflects high impact across confidentiality, integrity, and availability, though exploitation requires valid user credentials (PR:L). No public exploit code or active exploitation confirmed at time of analysis. EPSS data not available in provided intelligence.

RCE Cisco Cisco Unity Connection
NVD VulDB
EPSS 0% CVSS 7.2
HIGH This Week

Server-Side Request Forgery (SSRF) in Cisco Unity Connection Web Inbox allows remote unauthenticated attackers to send arbitrary network requests sourced from the vulnerable server. The vulnerability affects the web UI component and requires no authentication, privileges, or user interaction (CVSS AV:N/AC:L/PR:N/UI:N), enabling attackers to abuse the server's network position for internal network reconnaissance, service enumeration, or attacks against backend systems. The changed scope (S:C) indicates impact extends beyond the vulnerable component to other network resources accessible from the Unity Connection server.

SSRF Cisco Cisco Unity Connection
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy