Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Cisco Unity Connection Arbitrary File Download Vulnerabilities

cisco-sa-unity-file-download-RmKEVWPx · Medium · Published · Updated

Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To exploit these vulnerabilities, the attacker must have valid administrative credentials.  These vulnerabilities are due to improper sanitization of user input to the web-based management interface. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request. A successful exploit could allow the attacker to download arbitrary files from an affected system. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-unity-file-download-RmKEVWPx

Cisco advisory · CSAF JSON

Workarounds

There are no workarounds that address these vulnerabilities.

CVEsCVE-2026-20078, CVE-2026-20081
Cisco Bug IDsCSCwq36816, CSCwr87730
CVSS ScoreBase 6.5
Base 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:X/RL:X/RC:X
Product Names From Source
Cisco Unity Connection

Related Products

Product CVE Evidence
Cisco Unity Connection CVE-2026-20081 Cisco OpenVuln
Cisco Unity Connection CVE-2026-20078 Cisco OpenVuln
Cisco Unity CVE-2026-20081 Cisco OpenVuln
Cisco Unity CVE-2026-20078 Cisco OpenVuln