- 162/2026
- High
Cisco has released security updates to address several vulnerabilities affecting multiple Cisco products.
The addressed vulnerabilities could allow the attacker to obtain sensitive information, perform server-side request forgery (SSRF) and cross-site scripting (XSS) attacks, escalate privileges, or execute arbitrary code and gain access to the affected systems.
Sample of addressed vulnerabilities:
1. Cisco Unified Communications Manager Server-Side Request Forgery (SSRF) Vulnerability (CVE-2026-20230):
- CVSS: 8.6
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Server-Side Request Forgery
2. Cisco Webex Meetings Cross-Site Scripting Vulnerability (CVE-2026-20233):
- CVSS: 6.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Obtain Information
The affected products:
- Cisco Unified CM and Unified CM SME.
- Cisco Webex Meetings.
- Cisco Finesse.
Vulnerabilities
- CVE-2026-20230
- CVE-2026-20233
- CVE-2026-20175
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.