CVE-2026-20078
Cisco Unity Connection Arbitrary File Download Vulnerability
CVSS Score
6.5
EPSS Score
0.0%
EPSS Percentile
0th
Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To exploit these vulnerabilities, the attacker must have valid administrative credentials. These vulnerabilities are due to improper sanitization of user input to the web-based management interface. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request. A successful exploit could allow the attacker to download arbitrary files from an affected system.
| CWE | CWE-23 |
| Vendor | cisco |
| Product | cisco unity connection |
| Ecosystems | |
| Industries | NetworkingTelecommunications |
| Published | Apr 15, 2026 |
| Last Updated | Apr 15, 2026 |
Stay Ahead of the Next One
Get instant alerts for cisco cisco unity connection
Be the first to know when new medium vulnerabilities affecting cisco cisco unity connection are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Affected Versions
Cisco / Cisco Unity Connection
12.5(1) 12.5(1)SU1 12.5(1)SU2 12.5(1)SU3 12.5(1)SU4 14 12.5(1)SU5 14SU1 12.5(1)SU6 14SU2 12.5(1)SU7 14SU3 12.5(1)SU8 14SU3a 12.5(1)SU8a 15 15SU1 14SU4 12.5(1)SU9 15SU2 15SU3 14SU5