The Hacker News · Jun 4, 2026 16:55 UTC

Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public

Summary

Cisco has patched a bug in Unified Communications Manager that lets an unauthenticated attacker on the network write files to the box and, from there, climb to root. It is tracked as CVE-2026-20230, and proof-of-concept exploit code is already public. Cisco's PSIRT says it has not seen the flaw used in attacks yet. The PoC shortens that runway. The flaw is a server-side request forgery.

Original reporting

Open original source

Related coverage

Read full article on The Hacker News

Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public

Original reporting

Related coverage

Entities Identified as Chinese Military Companies Operating in the United States in Accordance With Section 1260H of the William M. (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021 (Public Law 116-283, Section 1260H, as Amended (Codified at 10 U.S.C. § 113, Note))*

FCC Chair Carr says Scott Pelley ‘completely out of touch’ for not anticipating ’60 Minutes’ firing

Charter puts Hacker in charge of security