Cisco Unified Communications Manager and Unified CM Session Management Edition contain a critical SSRF vulnerability (CVE-2026-20230) due to insufficient input validation in certain HTTP requests. This vulnerability allows unauthenticated remote attackers to send crafted HTTP requests that can write files to the device's operating system, potentially leading to root privilege escalation. The vulnerability impacts only devices with the WebDialer service enabled, which is disabled by default. Cisco has addressed the issue in version 14SU6 and will include the fix in 15SU5. Proof-of-concept exploit code is available, but no active exploitation has been observed.

Successful exploitation of this vulnerability can allow an unauthenticated remote attacker to write arbitrary files to the underlying operating system of affected Cisco Unified CM devices and escalate privileges to root. This could lead to full system compromise of the affected device. However, only devices with the WebDialer service enabled are vulnerable, limiting the attack surface. There are no known active exploits in the wild at this time.

Cisco has released an official patch for this vulnerability in Unified CM and Unified CM SME version 14SU6. Organizations should apply this update to affected systems. The WebDialer service, which is disabled by default, must be enabled for the vulnerability to be exploitable; disabling this service if not needed further reduces risk. Cisco plans to include the fix in version 15SU5 as well. Since patches are available, remediation should be performed promptly. No additional mitigation steps are indicated by the vendor advisory.