Cisco Unified CM SSRF Flaw Is Being Exploited to Drop Webshells
CVE-2026-20230, an SSRF in Cisco Unified CM’s WebDialer component, is being actively exploited via Tor to chain file writes into persistent webshells. Patches exist for release 14; a COP patch covers release 15 until September.