CVE-2026-20034
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to execute arb
CVSS
8.8
Alto
EPSS
0.7%
p49
KEV
—
Exploit Today
15
0-100
Publicado: 6 may 2026 · Última mod.: 1 jul 2026 · CWE-35
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to execute arbitrary code as root, possibly resulting in the complete compromise of a targeted device. To exploit this vulnerability, the attacker must have valid user credentials on the affected device.