CVE-2026-20081
Arbitrary File Download via Input Validation Flaw in Cisco Unity Connection
Publication date: 2026-04-15
Last updated on: 2026-04-28
Assigner: Cisco Systems, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cisco | unity_connection | 14.0 |
| cisco | unity_connection | 14su3 |
| cisco | unity_connection | 14su2 |
| cisco | unity_connection | 14su1 |
| cisco | unity_connection | 14su3a |
| cisco | unity_connection | 14su4 |
| cisco | unity_connection | 14su5 |
| cisco | unity_connection | 15.0 |
| cisco | unity_connection | 15su1 |
| cisco | unity_connection | 15su2 |
| cisco | unity_connection | 15su3 |
| cisco | unity_connection | to 12.5 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-23 | The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves multiple security issues in Cisco Unity Connection that allow an authenticated remote attacker to download arbitrary files from the affected system.
The attacker must have valid administrative credentials to exploit these vulnerabilities.
The root cause is improper sanitization of user input in the web-based management interface, which can be exploited by sending a specially crafted HTTPS request.
How can this vulnerability impact me? :
A successful exploit of this vulnerability could allow an attacker with administrative credentials to download arbitrary files from the affected system.
This could lead to unauthorized access to sensitive information stored on the system.
The vulnerability has a CVSS v3.1 base score of 6.5, indicating a medium severity impact with high confidentiality impact but no impact on integrity or availability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify how this vulnerability directly affects compliance with common standards and regulations such as GDPR or HIPAA.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, Cisco strongly recommends upgrading affected Cisco Unity Connection systems to the fixed software releases: Cisco Unity Connection 14SU6 or 15SU4.
There are no available workarounds for this vulnerability, so applying the fixed software is the only effective remediation.
Ensure that you obtain the fixed software through Cisco or authorized partners and verify compatibility with your hardware and software configurations before upgrading.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability requires valid administrative credentials to exploit and involves sending a crafted HTTPS request to the web-based management interface of Cisco Unity Connection. Detection would involve monitoring for unusual or unauthorized HTTPS requests targeting this interface.
There are no specific detection commands or tools provided in the available resources or CVE description.
Cisco recommends upgrading to fixed software releases (Cisco Unity Connection 14SU6 and 15SU4) to remediate the issue, as no workarounds or detection commands are mentioned.