Cisco Unified CM SME flaw CVE-2026-20230 now exploited in attacks

A high-severity SSRF vulnerability, CVE-2026-20230, in Cisco Unified Communications Manager and Unified CM SME is now actively exploited. Cisco released patches on June 3 warning the flaw could give attackers root privileges. Threat intelligence firm Defused observed attacks from a single IP writing test files to devices.