CISA sets urgent deadline to fix Cisco flaw exploited in attacks

Key Points:

• CVE-2026-20230 is a critical server-side request forgery (SSRF) vulnerability in Cisco Unified Communications Manager Server, actively exploited in attacks.
• The vulnerability allows remote exploitation without authentication, enabling attackers to write arbitrary text files to affected endpoints. Federal agencies must patch it by June 28.
• Immediate remediation is required by applying the available patch or ceasing use of the affected products.

Technical Details: CVE-2026-20230 can be exploited via specially crafted HTTP requests. A proof-of-concept exploit exists, and its active exploitation has been confirmed by threat detection firm Defused.

MITRE ATT&CK Techniques:

• T1190 - Exploit Public-Facing Application (Initial Access)

IOCs Mentioned: None mentioned