What is CVE-2026-20081?

CVE-2026-20081 is a medium-severity vulnerability in Cisco Unity Connection, classified under Relative Path Traversal. CVSS score: 6.5/10. Published 2026-04-15.

How severe is CVE-2026-20081?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Path Traversal in Cisco Unity Connection

CVE-2026-20081

Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To exploit these vulnerabilities, the attacker must have valid administrative creden…

EPSS: 0.000 (13.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.

Affected products

Cisco Unity Connection — versions 12.5(1), 12.5(1)SU1, 12.5(1)SU2
Cisco Unity_connection — versions 14.0, 14su1, 14su2

Weakness classification (CWE)

CWE-23 — Relative Path Traversal

References

cisco-sa-unity-file-download-RmKEVWPx (Vendor Advisory)

Frequently asked questions

What is CVE-2026-20081?: CVE-2026-20081 is a medium-severity vulnerability in Cisco Unity Connection, classified under Relative Path Traversal. CVSS score: 6.5/10. Published 2026-04-15.
How severe is CVE-2026-20081?: Medium severity. CVSS v3 base score is 6.5 out of 10.