Cisco Unified Communications Manager contains a critical unauthenticated SSRF-to-root chain in the WebDialer service component, affecting all versions prior to 14SU6 and 15SU5. Public proof-of-concept code is available, materially shortening the weaponization timeline. Organizations with WebDialer enabled must patch or disable the service immediately.