ctipilot.ch

CVE-2026-20230 — Cisco Unified CM WebDialer: pre-auth SSRF to arbitrary root file write, reconnaissance-stage scanning observed

From CTI Weekly Summary — 2026-W26 (Jun 22 – Jun 28, 2026) · published 2026-06-29

Cisco PSIRT's advisory describes an SSRF in the WebDialer service of Unified CM 14/15 that lets an unauthenticated attacker write files to the OS and later escalate to root. The in-window signal: exploitation has moved to the reconnaissance stage, with a PoC that fingerprints vulnerable devices. Unified CM is core telephony for many cantonal and hospital networks — patch before the scanning becomes exploitation.