CVE-2026-20230 is a critical unauthenticated SSRF vulnerability in the WebDialer component of Cisco Unified Communications Manager releases 14 and 15 that enables arbitrary file writes and full root escalation on the underlying server. No authentication is required, public proof-of-concept code is available, and Cisco PSIRT has assigned a CVSS base score of 9.5. Organizations running affected Unified CM or Unified CM SME releases face complete communications infrastructure compromise until patched or until WebDialer is disabled.