CVE-2026-20059

Name of the Vulnerable Software and Affected Versions Cisco Unity Connection (affected versions not specified)

Description A flaw in the web-based management interface allows an unauthenticated remote attacker to perform a reflected Cross-Site Scripting (XSS) attack. This occurs because the interface fails to properly validate user-supplied input. An attacker can exploit this by tricking a user into clicking a specially crafted link, which may lead to the execution of arbitrary script code within the interface context or the theft of sensitive browser-based information.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.