CVE-2026-20035
Cisco Unity Connection Server-Side Request Forgery Vulnerability
CVSS Score
7.2
EPSS Score
0.0%
EPSS Percentile
0th
A vulnerability in the web UI of Cisco Unity Connection Web Inbox could allow an unauthenticated, remote attacker to conduct SSRF attacks through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected device.
| CWE | CWE-918 |
| Vendor | cisco |
| Product | cisco unity connection |
| Ecosystems | |
| Industries | NetworkingTelecommunications |
| Published | May 6, 2026 |
Stay Ahead of the Next One
Get instant alerts for cisco cisco unity connection
Be the first to know when new high vulnerabilities affecting cisco cisco unity connection are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Affected Versions
Cisco / Cisco Unity Connection
12.5(1) 12.5(1)SU1 12.5(1)SU2 12.5(1)SU3 12.5(1)SU4 14 12.5(1)SU5 14SU1 12.5(1)SU6 14SU2 12.5(1)SU7 14SU3 12.5(1)SU8 14SU3a 12.5(1)SU8a 15 15SU1 14SU4 12.5(1)SU9 15SU2 15SU3