CVE-2026-20035

Medienbericht

EPSS 0.02%
Veröffentlicht 06.05.2026 16:15:57
Zuletzt bearbeitet 06.05.2026 18:59:53
Quelle psirt@cisco.com
CVE-Watchlists
Login
Unerledigt
Login

Cisco Unity Connection Server-Side Request Forgery Vulnerability

A vulnerability in the web UI of Cisco Unity Connection Web Inbox could allow an unauthenticated, remote attacker to conduct SSRF attacks through an affected device.

This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected device.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

CNA 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerCisco

≫

Produkt Cisco Unity Connection

Default Statusunknown

Version 12.5(1)

Status affected

Version 12.5(1)SU1

Status affected

Version 12.5(1)SU2

Status affected

Version 12.5(1)SU3

Status affected

Version 12.5(1)SU4

Status affected

Version 14

Status affected

Version 12.5(1)SU5

Status affected

Version 14SU1

Status affected

Version 12.5(1)SU6

Status affected

Version 14SU2

Status affected

Version 12.5(1)SU7

Status affected

Version 14SU3

Status affected

Version 12.5(1)SU8

Status affected

Version 14SU3a

Status affected

Version 12.5(1)SU8a

Status affected

Version 15

Status affected

Version 15SU1

Status affected

Version 14SU4

Status affected

Version 12.5(1)SU9

Status affected

Version 15SU2

Status affected

Version 15SU3

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.069

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
psirt@cisco.com	7.2	3.9	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

CWE-918 Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

https://thehackernews.com/2026/05/weekly-recap-linux-rootkit-macos-crypto.html

Media Report

https://www.heise.de/news/Cisco-Codeschmuggel-Leck-in-Unity-Connection-und-weitere-Luecken-11285115.html

Media Report

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-unity-rce-ssrf-hENhuASy

https://nvd.nist.gov/vuln/detail/CVE-2026-20035

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-20035

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-20035

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-20035