Critical SSRF Vulnerability in Cisco Unified CM Exploited via Public PoC A proof-of-concept (PoC) exploit has been released for a critical server-side request forgery (SSRF) vulnerability in Cisco Unified Communications Manager (Unified CM) and Unified CM Session Management Edition (Unified CM SME), tracked as CVE-2026-20230. The flaw, rated 8.6 (High) on the CVSS v3.1 scale but classified as Critical by Cisco due to its potential for root-level privilege escalation, exposes vulnerable systems to remote exploitation. The vulnerability arises from improper input validation in HTTP requests (CWE-918), allowing unauthenticated attackers to interact with internal services. By sending crafted HTTP requests, threat actors can perform SSRF attacks and write arbitrary files to the underlying OS, enabling privilege escalation and potential full system compromise. Exploitation is only possible if the Cisco WebDialer service disabled by default but active in some deployments is enabled. The public release of the PoC exploit heightens the risk, as it provides attackers with a functional attack method. Security researchers confirm the exploit demonstrates SSRF-based file-writing capabilities, which could be used for persistence or further lateral movement, particularly in internet-facing or compromised internal networks. Affected systems include Cisco Unified CM and Unified CM SME with the WebDialer service running. Administrators can check vulnerability status via the Cisco Unified CM Administration interface under Cisco Unified Serviceability > Control Center – Feature Services. If the Cisco WebDialer Web Service is marked as "Started," the system is exposed. Cisco has released software updates to patch the flaw, with no official workarounds available. As a temporary mitigation, disabling the WebDialer service is recommended. Additional defensive measures include restricting access to management interfaces and monitoring for suspicious outbound HTTP requests or unauthorized file creation. While no active compromises have been reported, organizations are urged to prioritize patching due to the high risk of exploitation and the potential for root-level access. The vulnerability underscores the urgency of securing enterprise communication systems against SSRF-based attacks.