CVE-2026-20060

A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious web page.

Severity	MEDIUM
CVSS	4.7
CWE	CWE-601
KEV
Published	1 month ago
Modified	3 weeks ago

Related Products

Product	Advisory	Evidence
Cisco Unity Connection	cisco-sa-unity-vulns-n2EJSbbw	Cisco OpenVuln
Cisco Unity	cisco-sa-unity-vulns-n2EJSbbw	Cisco OpenVuln