Cisco confirmed that attackers are now exploiting a Unified Communications Manager (Unified CM) vulnerability patched in early June.
Unified CM (formerly known as Cisco CallManager) is the central control system for Cisco IP telephony systems, handling call routing, device management, and telephony features.
Threat actors without privileges can exploit the vulnerability (CVE-2026–20230) remotely in low-complexity server-side request forgery (SSRF) attacks by sending a crafted HTTP request.
