CVE-2026-20081

🗓️ 15 Apr 2026 16:03:23Reported by ciscoType

Authenticated admin can download arbitrary files via web management due to input sanitization flaws with crafted requests.

Reporter	Title	Published	Views	Family All 9
ATTACKERKB	CVE-2026-20081	15 Apr 202616:03	–	attackerkb
Circl	CVE-2026-20081	15 Apr 202618:33	–	circl
Tenable Nessus	Cisco Unity Connection Arbitrary File Download (cisco-sa-unity-file-download-RmKEVWPx)	17 Apr 202600:00	–	nessus
CNNVD	Cisco Unity Connection 安全漏洞	15 Apr 202600:00	–	cnnvd
Cvelist	CVE-2026-20081 Cisco Unity Connection Arbitrary File Download Vulnerability	15 Apr 202616:03	–	cvelist
EUVD	EUVD-2026-22957	15 Apr 202618:31	–	euvd
NVD	CVE-2026-20081	15 Apr 202617:17	–	nvd
Positive Technologies	PT-2026-33084	15 Apr 202600:00	–	ptsecurity
Vulnrichment	CVE-2026-20081 Cisco Unity Connection Arbitrary File Download Vulnerability	15 Apr 202616:03	–	vulnrichment

NVD

Node

cisco unity_connectionRange≤12.5

cisco unity_connectionMatch14.0

cisco unity_connectionMatch14su1

cisco unity_connectionMatch14su2

cisco unity_connectionMatch14su3

cisco unity_connectionMatch14su3a

cisco unity_connectionMatch14su4

cisco unity_connectionMatch14su5

cisco unity_connectionMatch15.0

cisco unity_connectionMatch15su1

cisco unity_connectionMatch15su2

cisco unity_connectionMatch15su3

[
  {
    "vendor": "Cisco",
    "product": "Cisco Unity Connection",
    "versions": [
      {
        "version": "12.5(1)",
        "status": "affected"
      },
      {
        "version": "12.5(1)SU1",
        "status": "affected"
      },
      {
        "version": "12.5(1)SU2",
        "status": "affected"
      },
      {
        "version": "12.5(1)SU3",
        "status": "affected"
      },
      {
        "version": "12.5(1)SU4",
        "status": "affected"
      },
      {
        "version": "14",
        "status": "affected"
      },
      {
        "version": "12.5(1)SU5",
        "status": "affected"
      },
      {
        "version": "14SU1",
        "status": "affected"
      },
      {
        "version": "12.5(1)SU6",
        "status": "affected"
      },
      {
        "version": "14SU2",
        "status": "affected"
      },
      {
        "version": "12.5(1)SU7",
        "status": "affected"
      },
      {
        "version": "14SU3",
        "status": "affected"
      },
      {
        "version": "12.5(1)SU8",
        "status": "affected"
      },
      {
        "version": "14SU3a",
        "status": "affected"
      },
      {
        "version": "12.5(1)SU8a",
        "status": "affected"
      },
      {
        "version": "15",
        "status": "affected"
      },
      {
        "version": "15SU1",
        "status": "affected"
      },
      {
        "version": "14SU4",
        "status": "affected"
      },
      {
        "version": "12.5(1)SU9",
        "status": "affected"
      },
      {
        "version": "15SU2",
        "status": "affected"
      },
      {
        "version": "15SU3",
        "status": "affected"
      },
      {
        "version": "14SU5",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]

Source	Link
sec	www.sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-unity-file-download-RmKEVWPx

28 Apr 2026 16:13Current

6Medium risk

Vulners AI Score6

CVSS 3.16.5

EPSS0.00044

SSVC

CWE-23