Cisco Unity Connection Remote Code Execution and Server-Side Request Forgery Vulnerabilities

Multiple vulnerabilities in Cisco Unity Connection could allow a remote attacker to execute arbitrary code on or conduct server-side request forgery SSRF attacks through an affected device. For more information about these vulnerabilities, see the Details "details" section of this advisory. Cisco...

PT-2026-37648

Name of the Vulnerable Software and Affected Versions Cisco Unity Connection affected versions not specified Description Insufficient validation of user-supplied input in the web-based management interface allows an authenticated remote attacker to execute arbitrary code as root. This is achieved...

Cisco Unity Connection（UC） 安全漏洞

Cisco Unity Connection UC is a voice messaging platform developed by the American company Cisco. This platform allows users to make calls or listen to voic messages using voice commands. There is a security vulnerability in Cisco Unity Connection UC, which stems from insufficient user input...

Cisco Unity Connection Web Inbox 代码问题漏洞

Cisco Unity Connection Web Inbox is a voicemail access and management interface provided by the American company Cisco. There is a code vulnerability in Cisco Unity Connection Web Inbox, which stems from improper input validation for specific HTTP requests. This vulnerability could allow...

PT-2026-37649

Name of the Vulnerable Software and Affected Versions Cisco Unity Connection Web Inbox affected versions not specified Description Improper input validation for specific HTTP requests in the web UI allows an unauthenticated remote attacker to perform Server-Side Request Forgery SSRF, a technique...

Cisco Unity Connection Arbitrary File Download (cisco-sa-unity-file-download-RmKEVWPx)

According to its self-reported version, Cisco Unity Connection is affected by multiple arbitrary file download vulnerabilities: - Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To exploit these...

Cisco Unity Connection Web Management Interface SQL Injection Vulnerability

Cisco Unity Connection is a unified communications messaging platform that focuses on providing voicemail and messaging capabilities. An SQL injection vulnerability exists in Cisco Unity Connection. The vulnerability stems from insufficient validation of user-supplied input and can be exploited b...

EUVD-2026-22956

Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To exploit these vulnerabilities, the attacker must have valid administrative credentials. These vulnerabilities are due to improper sanitization o...

EUVD-2026-22951

A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate...

EUVD-2026-22955

A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to perform an SQL injection attack against an affected device. To exploit this vulnerability, the attacker must have valid user credentials on the affected device. This...

EUVD-2026-22953

A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerabili...

EUVD-2026-22957

Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To exploit these vulnerabilities, the attacker must have valid administrative credentials. These vulnerabilities are due to improper sanitization o...

CVE-2026-20060

A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerabili...

CVE-2026-20061

A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to perform an SQL injection attack against an affected device. To exploit this vulnerability, the attacker must have valid user credentials on the affected device. This...

CVE-2026-20081

Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To exploit these vulnerabilities, the attacker must have valid administrative credentials. These vulnerabilities are due to improper sanitization o...

CVE-2026-20059

A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate...

CVE-2026-20078

Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To exploit these vulnerabilities, the attacker must have valid administrative credentials. These vulnerabilities are due to improper sanitization o...

CVE-2026-20059

A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate...

CVE-2026-20059 Cisco Unity Connection Reflected Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate...

CVE-2026-20059 Cisco Unity Connection Reflected Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate...