Cisco Vulnerability Rollup (2026-06-24)

CVE-2026-20230 is an unauthenticated SSRF with arbitrary file-write and root privilege escalation in Cisco Unified Communications Manager and Unified CM SME. EPSS is 0.20442 at the 97.2nd percentile, a public PoC is available, and honeypot telemetry confirms active exploitation — but the CVE is absent from the CISA KEV catalog, meaning organizations relying solely on KEV for prioritization will miss it. This is a critical-urgency item in practice despite its absence from KEV.

Author

Cisco — Vulnerability Rollup (2026-06-24)

Vulnerability Summary

Linked Intelligence Items (1)

Gallery

Contacts

Tech Jacks Solutions

Services

Learn

Company