Skip to main content

Tag: ssrf

6 articles

Cisco Unified Communications Manager system equipment in a network room.

Cisco Confirms Active Exploitation of Unified CM Flaw

Over 200 Cisco Unified Communications Manager instances are vulnerable to a remotely exploitable flaw, CVE-2026-20230, which allows low-complexity server-side request forgery attacks with a simple crafted HTTP request. This critical vulnerability puts widely used IP telephony systems at risk, particularly in Asia and North America.

Analyst 207
Network equipment racks with Cisco device and cables, monitored by IT staff.

Cisco Vulnerabilities Targeted in String of Exploits

Hackers are actively exploiting a recently patched Cisco vulnerability, CVE-2026-20230, using a clever chain of attacks that can grant them root privileges on compromised devices. This alarming exploit activity was uncovered by threat-intel company Defused, highlighting the urgent need for robust security measures.

Analyst 207
Rack-mounted router in a network closet with a blurred city transit platform visible through a nearby window.

Cisco Unified CM Flaw Exploited in Active Attacks

Hackers are actively exploiting a high-severity flaw in Cisco Unified CM, tracked as CVE-2026-20230, which allows them to send malicious HTTP requests and potentially take control of affected devices. This vulnerability, with a CVSS score of 8.6, could enable attackers to write files to the underlying operating system and escalate their privileges.

Analyst 207
Technicians work in a network operations room with rows of server racks and equipment.

Cisco Unified CM flaw exploited in targeted attacks

Hackers are actively exploiting a high-severity flaw in Cisco Unified Communications Manager, allowing them to gain unauthorized access and control over vulnerable systems. This newly discovered vulnerability, tracked as CVE-2026-20230, has a CVSS score of 8.6, indicating a significant threat to security.

Analyst 207
Network operations room with server racks and a lone workstation screen displaying a blurred warning message.

Cisco Fixes Unified CM Flaw as Exploit Code Goes Public

Cisco has patched a critical vulnerability in its Unified Communications Manager, known as CVE-2026-20230, which could allow hackers to write arbitrary files to the server's operating system and potentially escalate privileges to root. With proof-of-concept exploit code now public, the threat level has significantly increased.

Analyst 207
Rows of computer servers and networking equipment in a brightly-lit server room.

LMDeploy Vulnerability Exploited Within 13 Hours of Disclosure

A critical vulnerability in LMDeploy's vision-language module was exploited in the wild just 13 hours after its disclosure, allowing attackers to access sensitive resources and internal networks. This server-side request forgery flaw, tracked as CVE-2026-33626, affects all versions of the toolkit prior to 0.12.0.

Analyst 207