Cisco Unity Connection Remote Code Execution and Server-Side Request Forgery Vulnerabilities
Summary
Multiple vulnerabilities in Cisco Unity Connection could allow a remote attacker to execute arbitrary code on or conduct server-side request forgery (SSRF) attacks through an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that address these vulnerabilities.
- Scope: CVE-2026-20034: This vulnerability affects Cisco Unity Connection, regardless of device configuration.
- 12.5 and earlier — Migrate to a fixed release
- Release 14.0 (first fixed: 14SU5)
- Release 15.0 (first fixed: 15SU4 or apply patch file:1)
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
- 14SU5
- 15SU4 or apply patch file:1
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Mitigation checklist
- Upgrade to the first fixed release for your train per the Fixed Releases table in this advisory.
- Release 12.5 and earlier: migrate to a fixed release.
- Release 14.0: upgrade to 14SU5.
- Release 15.0: upgrade to 15SU4 or apply patch file:1.
- There are no workarounds that address these vulnerabilities.
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.