Cisco Unity Connection Web Inbox SSRF Vulnerability (CVE-2026-20035)
The National Vulnerability Database has disclosed CVE-2026-20035, a high-severity Server-Side Request Forgery (SSRF) vulnerability in the web UI of Cisco Unity Connection Web Inbox. This flaw, rated 7.2 CVSSv3.1, stems from improper input validation for specific HTTP requests.
An unauthenticated, remote attacker can exploit this by sending a crafted HTTP request. Successful exploitation allows the attacker to force the affected device to send arbitrary network requests, effectively turning the Cisco Unity Connection Web Inbox into a proxy for malicious activity. This significantly expands an attacker’s reach within a network, potentially bypassing perimeter defenses and accessing internal resources.
While specific affected products are not detailed by the National Vulnerability Database, organizations utilizing Cisco Unity Connection Web Inbox should consider this a critical alert. The ability for an unauthenticated attacker to initiate arbitrary network requests from a trusted internal device creates a dangerous pivot point for reconnaissance, lateral movement, and data exfiltration.
What This Means For You
- If your organization uses Cisco Unity Connection Web Inbox, you need to understand that CVE-2026-20035 is a gateway for unauthenticated attackers to conduct internal network reconnaissance and potentially access sensitive systems. This isn't just a theoretical risk; it’s a direct path to an internal pivot. Prioritize patching or implementing compensating controls immediately to prevent your communication infrastructure from becoming an attacker’s launchpad.
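One compensating control is to monitor what the Unity Connection server itself connects to, since SSRF shows up as outbound requests from the affected device. The following is an added example, not code from NVD or Cisco; the host address, egress allowlist and flow-log format are constructed assumptions. It flags flows from that host to destinations outside the approved list.

```python
import ipaddress

# Constructed assumptions: the server's address and the peers it should reach.
UNITY_HOST = ipaddress.ip_address("10.20.0.15")
ALLOWED_EGRESS = [  # (destination network, destination port)
    (ipaddress.ip_network("10.20.0.10/32"), 5060),  # call control
    (ipaddress.ip_network("10.20.0.53/32"), 53),    # DNS
]
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed flow records: timestamp src dst dport action
SAMPLE_FLOWS = """\
2026-05-07T01:02:03Z 10.20.0.15 10.20.0.10 5060 ALLOW
2026-05-07T01:02:04Z 10.20.0.15 10.20.0.53 53 ALLOW
2026-05-07T01:02:09Z 10.20.0.15 169.254.169.254 80 ALLOW
2026-05-07T01:02:11Z 10.20.0.15 10.30.4.7 8080 ALLOW
2026-05-07T01:02:12Z 10.20.0.15 10.30.4.8 22 DENY
2026-05-07T01:02:13Z 10.20.0.99 10.30.4.7 8080 ALLOW
2026-05-07T01:02:15Z 10.20.0.15 203.0.113.9 443 ALLOW
truncated-record 10.20.0.15
"""

def zone(dst):
    """Label where an unexpected destination sits, for triage priority."""
    if dst.is_link_local:
        return "link-local"
    if any(dst in net for net in RFC1918):
        return "internal"
    return "external"

def unexpected_egress(flow_text, host=UNITY_HOST, allowed=ALLOWED_EGRESS):
    """Return flows sourced from `host` whose (dst, port) is not allowlisted."""
    findings = []
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records instead of failing the run
        ts, src, dst, dport, action = parts
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(dport)
        except ValueError:
            continue
        # Ignore other sources and anything on the approved egress list.
        if src_ip != host or any(dst_ip in n and port == p for n, p in allowed):
            continue
        findings.append((ts, str(dst_ip), port, zone(dst_ip), action))
    return findings
```

Denied flows are reported as well as allowed ones, because a blocked attempt from this host to an unlisted destination is still a signal worth triaging.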
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-20035 | SSRF | Cisco Unity Connection Web Inbox web UI |
| CVE-2026-20035 | SSRF | Improper input validation for specific HTTP requests |
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 06, 2026 at 20:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.