Cisco Unified CM Flaw Exploited After PoC Reveals File-Write Path to Root

A critical vulnerability in Cisco's Unified Communications Manager, tracked as CVE-2026-20230, has been exploited by threat actors, allowing unauthorized remote access with a CVSS score of 8.6. This flaw stems from improper input validation for specific HTTP requests, enabling attackers to write files to the system and potentially gain root access. The vulnerability affects both Cisco Unified Communications Manager and Unified Communications Manager Session Management Edition. As a result, threat actors can leverage this exploit to compromise affected systems, emphasizing the need for immediate attention from administrators¹. The active exploitation of this vulnerability underscores the importance of prompt patching or close monitoring. This matters to security practitioners because the exploitation status of CVE-2026-20230 determines whether this is a patch-now or monitor situation, making it essential to stay informed about the latest developments and take proactive measures to protect vulnerable systems.