CVE-2026-20035

Name of the Vulnerable Software and Affected Versions Cisco Unity Connection Web Inbox (affected versions not specified)

Description Improper input validation for specific HTTP requests in the web UI allows an unauthenticated remote attacker to perform Server-Side Request Forgery (SSRF), a technique where the attacker forces the server to make requests to an unintended location. By sending a crafted HTTP request, an attacker can trigger arbitrary network requests originating from the affected device.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.