CVE-2026-20060
Received Received - Intake
Open Redirect Vulnerability in Cisco Unity Connection Web Interface

Publication date: 2026-04-15

Last updated on: 2026-04-28

Assigner: Cisco Systems, Inc.

Description
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious web page.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-15
Last Modified
2026-04-28
Generated
2026-06-16
AI Q&A
2026-04-15
EPSS Evaluated
2026-06-15
NVD
CVE-2026-20060
EUVD
EUVD-2026-22953
Affected Vendors & Products
Showing 11 associated CPEs
Vendor Product Version / Range
cisco unity_connection 14.0
cisco unity_connection 14su3
cisco unity_connection 14su2
cisco unity_connection 14su1
cisco unity_connection 14su3a
cisco unity_connection 14su4
cisco unity_connection 15.0
cisco unity_connection 15su1
cisco unity_connection 15su2
cisco unity_connection 15su3
cisco unity_connection to 12.5 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-601 The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

This vulnerability exists in the web-based management interface of Cisco Unity Connection. It allows an unauthenticated, remote attacker to redirect a user to a malicious web page by exploiting improper input validation of HTTP request parameters.

An attacker can exploit this by persuading a user to click on a specially crafted link, which then causes the redirection.

Impact Analysis

The impact of this vulnerability is that an attacker could redirect users to malicious websites without authentication. This could lead to phishing attacks, malware downloads, or other malicious activities initiated by the attacker.

The CVSS score of 4.7 indicates a medium severity, with the main impact being on integrity due to the potential for malicious redirection.

Detection Guidance

This vulnerability involves improper input validation of HTTP request parameters in the web-based management interface of Cisco Unity Connection, which can be exploited by crafted links causing redirection to malicious web pages.

Detection would involve monitoring HTTP requests to the Cisco Unity Connection management interface for suspicious or crafted URLs that attempt to redirect users.

Specific commands or tools to detect this vulnerability are not provided in the available resources.

Mitigation Strategies

The immediate step to mitigate this vulnerability is to apply the software updates released by Cisco that address this issue.

No workarounds are available, so timely patching is critical to prevent exploitation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-20060. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart