Cisco Unity Connection unauthenticated SSRF in default-enabled Web Inbox (CVSS 7.2; logged § 7 — dropped from § 2, gate not cleared)
cve · CVE-2026-20035
Coverage timeline
1
first 2026-05-10 → last 2026-05-10
Briefs
1
1 distinct
Sources cited
8
4 hosts
Sections touched
0
—
Co-occurring entities
0
no co-occurrence
Story timeline
- 2026-05-10CTI Daily Brief — 2026-05-10
Source distribution
- attack.mitre.org4 (50%)
- blog.talosintelligence.com2 (25%)
- sec.cloudapps.cisco.com1 (12%)
- thehackernews.com1 (12%)
External references
All cited sources (8)
- sec.cloudapps.cisco.comprimaryinlineCisco PSIRT advisory, 2026-05-06https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-unity-rce-ssrf-hENhuASy
- attack.mitre.orginlineT1133 External Remote Serviceshttps://attack.mitre.org/techniques/T1133/
- attack.mitre.orginlineT1190 Exploit Public-Facing Applicationhttps://attack.mitre.org/techniques/T1190/
- attack.mitre.orginlineT1486 Data Encrypted for Impacthttps://attack.mitre.org/techniques/T1486/
- attack.mitre.orginlineT1567 Exfiltration Over Web Servicehttps://attack.mitre.org/techniques/T1567/
- blog.talosintelligence.cominlineCisco Talos, 2026-05-05https://blog.talosintelligence.com/cloudz-pheno-infostealer/
- blog.talosintelligence.cominlineCisco Talos, 2026-05-05https://blog.talosintelligence.com/uat-8302/
- thehackernews.cominlineThe Hacker News, 2026-05-05https://thehackernews.com/2026/05/china-linked-uat-8302-targets.html
Items in briefs about Cisco Unity Connection unauthenticated SSRF in default-enabled Web Inbox (CVSS 7.2; logged § 7 — dropped from § 2, gate not cleared)
No parsed item heading or body matches this entity yet. Items match by exact CVE id (for CVE entities), by lead-segment substring of the title in the item heading or body, or by a distinctive anchor token from the title appearing in the item heading. Coverage that lives inside a broader section (no per-item heading) is captured by the Story timeline above.