A critical vulnerability in Cisco Unified CM, tracked as CVE-2026-20230, is being actively exploited by attackers, despite a patch being released weeks ago. This flaw, which carries a CVSS base score of 8.6, could allow attackers to gain root access to affected systems. Threat intelligence firm Defused reported observing exploitation activity over the weekend, with attackers using a proof-of-concept exploit to land file-write payloads on decoy systems1. The fact that exploitation is occurring from a single source using an unvetted proof-of-concept suggests that attackers are quickly moving to take advantage of the vulnerability. The active exploitation of this vulnerability means that administrators should prioritize patching affected systems as soon as possible, rather than simply monitoring the situation. This vulnerability's exploitation status makes it a patch-now situation for organizations using Cisco Unified CM, in order to prevent potential root access breaches.
Attackers exploit Cisco Unified CM flaw weeks after patch release
⚠️ Critical Alert
Why This Matters
CVE-2026-20230 is in active discussion involving Cisco — exploitation status determines whether this is patch-now or monitor.
References
- CSO Online. (2026, June 24). Attackers exploit Cisco Unified CM flaw weeks after patch release. *CSO Online*. https://www.csoonline.com/article/4188867/attackers-exploit-cisco-unified-cm-flaw-weeks-after-patch-release.html
Original Source
CSO Online
Read original →