Description
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to execute arbitrary code on an affected device.

This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to execute arbitrary code as root, possibly resulting in the complete compromise of a targeted device. To exploit this vulnerability, the attacker must have valid user credentials on the affected device.
Published: 2026-05-06
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the web‑based management interface permits an authenticated attacker to send a crafted API request that bypasses input validation, enabling execution of arbitrary code with root privileges. The consequence is a full compromise of the affected device, exposing all data and services it hosts.

Affected Systems

Cisco Unity Connection is affected. The advisory discloses no specific version range, so every installation that exposes the web interface should be considered at risk.

Risk and Exploitability

The CVSS score of 8.8 classifies this as high severity. EPSS information is unavailable, and the vulnerability is not listed in CISA KEV. Attacks require valid user credentials and remote access to the management interface, indicating the likely attack vector is authenticated API requests over the network.

Generated by OpenCVE AI on May 6, 2026 at 17:21 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Apply the latest Cisco Unity Connection update or patch that eliminates the RCE flaw.
  • Restrict API access to trusted networks and enforce least privilege on user accounts to limit the exploitation surface.
  • Implement network segmentation or firewall rules to isolate the Unity Connection management interface from external exposure.
  • Monitor logs for anomalous API traffic or unexpected process execution to detect potential compromise.

Advisories

No advisories yet.

History

Wed, 06 May 2026 18:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 06 May 2026 16:45:00 +0000

Type | Values Removed | Values Added
Description | | A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to execute arbitrary code as root, possibly resulting in the complete compromise of a targeted device. To exploit this vulnerability, the attacker must have valid user credentials on the affected device.
Title | | Cisco Unity Connection Remote Code Execution Vulnerability
Weaknesses | | CWE-35
References | |
Metrics | | cvssV3_1 {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2026-05-07T03:55:48.652Z

Reserved: 2025-10-08T11:59:15.353Z

Link: CVE-2026-20034

Vulnrichment

Updated: 2026-05-06T17:27:43.347Z

NVD

Status: Awaiting Analysis

Published: 2026-05-06T17:16:20.093

Modified: 2026-05-06T18:59:53.230

Link: CVE-2026-20034

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-06T17:30:08Z

Weaknesses