What is CVE-2026-20035?

CVE-2026-20035 is a high-severity vulnerability in Cisco Unity Connection, classified under Server-Side Request Forgery (SSRF). CVSS score: 7.2/10. Published 2026-05-06.

How severe is CVE-2026-20035?

High severity. CVSS v3 base score is 7.2 out of 10.

SSRF in Cisco Unity Connection

CVE-2026-20035

A vulnerability in the web UI of Cisco Unity Connection Web Inbox could allow an unauthenticated, remote attacker to conduct SSRF attacks through an affected device. This vulnerability is due to improper input validation for specific HT…

Vulnerability class: SSRF (Server-Side Request Forgery)

EPSS: 0.000 (6.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.2 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N.

Affected products

Cisco Unity Connection — versions 12.5(1), 12.5(1)SU1, 12.5(1)SU2

Weakness classification (CWE)

CWE-918 — Server-Side Request Forgery (SSRF)

References

cisco-sa-unity-rce-ssrf-hENhuASy

Frequently asked questions

What is CVE-2026-20035?: CVE-2026-20035 is a high-severity vulnerability in Cisco Unity Connection, classified under Server-Side Request Forgery (SSRF). CVSS score: 7.2/10. Published 2026-05-06.
How severe is CVE-2026-20035?: High severity. CVSS v3 base score is 7.2 out of 10.