What is CVE-2026-20061?

CVE-2026-20061 is a medium-severity vulnerability in Cisco Unity Connection, classified under SQL Injection. CVSS score: 4.3/10. Published 2026-04-15.

How severe is CVE-2026-20061?

Medium severity. CVSS v3 base score is 4.3 out of 10.

SQL Injection in Cisco Unity Connection

CVE-2026-20061

A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to perform an SQL injection attack against an affected device. To exploit this vulnerability, the attacker must h…

Vulnerability class: SQL Injection

EPSS: 0.000 (5.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N.

Affected products

Cisco Unity Connection — versions 14, 14SU1, 14SU2
Cisco Unity_connection — versions 14.0, 14su1, 14su2

Weakness classification (CWE)

CWE-89 — SQL Injection

References

cisco-sa-unity-vulns-n2EJSbbw (Vendor Advisory)

Frequently asked questions

What is CVE-2026-20061?: CVE-2026-20061 is a medium-severity vulnerability in Cisco Unity Connection, classified under SQL Injection. CVSS score: 4.3/10. Published 2026-04-15.
How severe is CVE-2026-20061?: Medium severity. CVSS v3 base score is 4.3 out of 10.