CVE-2026-20034
Analyzed
Analyzed - Analysis Complete
Remote Code Execution in Cisco Unity Connection
Vulnerability report for CVE-2026-20034, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-05-06
Last updated on: 2026-07-01
Assigner: Cisco Systems, Inc.
Description
Description
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to execute arbitrary code on an affected device.
This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to execute arbitrary code as root, possibly resulting in the complete compromise of a targeted device. To exploit this vulnerability, the attacker must have valid user credentials on the affected device.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cisco | unity_connection | 14.0 |
| cisco | unity_connection | to 14.0 (exc) |
| cisco | unity_connection | 14su3 |
| cisco | unity_connection | 14su2 |
| cisco | unity_connection | 14su1 |
| cisco | unity_connection | 14su4 |
| cisco | unity_connection | 15.0 |
| cisco | unity_connection | 15su1 |
| cisco | unity_connection | 15su2 |
| cisco | unity_connection | 15su3 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-35 | The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory. |