{"api_version":"1","generated_at":"2026-05-13T07:03:20+00:00","cve":"CVE-2026-20035","urls":{"html":"https://cve.report/CVE-2026-20035","api":"https://cve.report/api/cve/CVE-2026-20035.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-20035","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-20035"},"summary":{"title":"Cisco Unity Connection Server-Side Request Forgery Vulnerability","description":"A vulnerability in the web UI of Cisco Unity Connection Web Inbox could allow an unauthenticated, remote attacker to conduct SSRF attacks through an affected device.\r\n\r\nThis vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected device.","state":"PUBLISHED","assigner":"cisco","published_at":"2026-05-06 17:16:20","updated_at":"2026-05-06 18:59:53"},"problem_types":["CWE-918","CWE-918 Server-Side Request Forgery (SSRF)"],"metrics":[{"version":"3.1","source":"psirt@cisco.com","type":"Primary","score":"7.2","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"}},{"version":"3.1","source":"CNA","type":"CVSSV3_1","score":"7.2","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":7.2,"baseSeverity":"HIGH","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N","version":"3.1"}}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-unity-rce-ssrf-hENhuASy","name":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-unity-rce-ssrf-hENhuASy","refsource":"psirt@cisco.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-20035","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-20035","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Cisco","product":"Cisco Unity Connection","version":"affected 12.5(1)","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Unity Connection","version":"affected 12.5(1)SU1","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Unity Connection","version":"affected 12.5(1)SU2","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Unity Connection","version":"affected 12.5(1)SU3","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Unity Connection","version":"affected 12.5(1)SU4","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Unity Connection","version":"affected 14","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Unity Connection","version":"affected 12.5(1)SU5","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Unity Connection","version":"affected 14SU1","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Unity Connection","version":"affected 12.5(1)SU6","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Unity Connection","version":"affected 14SU2","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Unity Connection","version":"affected 12.5(1)SU7","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Unity Connection","version":"affected 14SU3","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Unity Connection","version":"affected 12.5(1)SU8","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Unity Connection","version":"affected 14SU3a","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Unity Connection","version":"affected 12.5(1)SU8a","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Unity Connection","version":"affected 15","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Unity Connection","version":"affected 15SU1","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Unity Connection","version":"affected 14SU4","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Unity Connection","version":"affected 12.5(1)SU9","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Unity Connection","version":"affected 15SU2","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Unity Connection","version":"affected 15SU3","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[{"source":"CNA","title":"","value":"The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.","time":"","lang":"en"}],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-20035","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-05-06T17:27:15.669186Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-05-06T17:27:23.655Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unknown","product":"Cisco Unity Connection","vendor":"Cisco","versions":[{"status":"affected","version":"12.5(1)"},{"status":"affected","version":"12.5(1)SU1"},{"status":"affected","version":"12.5(1)SU2"},{"status":"affected","version":"12.5(1)SU3"},{"status":"affected","version":"12.5(1)SU4"},{"status":"affected","version":"14"},{"status":"affected","version":"12.5(1)SU5"},{"status":"affected","version":"14SU1"},{"status":"affected","version":"12.5(1)SU6"},{"status":"affected","version":"14SU2"},{"status":"affected","version":"12.5(1)SU7"},{"status":"affected","version":"14SU3"},{"status":"affected","version":"12.5(1)SU8"},{"status":"affected","version":"14SU3a"},{"status":"affected","version":"12.5(1)SU8a"},{"status":"affected","version":"15"},{"status":"affected","version":"15SU1"},{"status":"affected","version":"14SU4"},{"status":"affected","version":"12.5(1)SU9"},{"status":"affected","version":"15SU2"},{"status":"affected","version":"15SU3"}]}],"descriptions":[{"lang":"en","value":"A vulnerability in the web UI of Cisco Unity Connection Web Inbox could allow an unauthenticated, remote attacker to conduct SSRF attacks through an affected device.\r\n\r\nThis vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected device."}],"exploits":[{"lang":"en","value":"The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":7.2,"baseSeverity":"HIGH","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N","version":"3.1"},"format":"cvssV3_1"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-918","description":"Server-Side Request Forgery (SSRF)","lang":"en","type":"cwe"}]}],"providerMetadata":{"dateUpdated":"2026-05-06T16:15:57.142Z","orgId":"d1c1063e-7a18-46af-9102-31f8928bc633","shortName":"cisco"},"references":[{"name":"cisco-sa-unity-rce-ssrf-hENhuASy","url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-unity-rce-ssrf-hENhuASy"}],"source":{"advisory":"cisco-sa-unity-rce-ssrf-hENhuASy","defects":["CSCwq36834"],"discovery":"EXTERNAL"},"title":"Cisco Unity Connection Server-Side Request Forgery Vulnerability"}},"cveMetadata":{"assignerOrgId":"d1c1063e-7a18-46af-9102-31f8928bc633","assignerShortName":"cisco","cveId":"CVE-2026-20035","datePublished":"2026-05-06T16:15:57.142Z","dateReserved":"2025-10-08T11:59:15.353Z","dateUpdated":"2026-05-06T17:27:23.655Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-05-06 17:16:20","lastModifiedDate":"2026-05-06 18:59:53","problem_types":["CWE-918","CWE-918 Server-Side Request Forgery (SSRF)"],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.7}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"20035","Ordinal":"1","Title":"Cisco Unity Connection Server-Side Request Forgery Vulnerability","CVE":"CVE-2026-20035","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"20035","Ordinal":"1","NoteData":"A vulnerability in the web UI of Cisco Unity Connection Web Inbox could allow an unauthenticated, remote attacker to conduct SSRF attacks through an affected device.\r\n\r\nThis vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected device.","Type":"Description","Title":"Cisco Unity Connection Server-Side Request Forgery Vulnerability"}]}}}