Cisco Unity Connection Open Redirect Vulnerability_CVE-2026-20060

4.7 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

Description

A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to redirect a user to a malicious web page.

This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious web page.

Basic Information

ID CVE-2026-20060

Source cisco

Published Apr 15, 2026 at 16:11

Modified Apr 15, 2026 at 16:56

Affected Product

Vendor Cisco

Product Cisco Unity Connection

Version 14

Affected Versions Cisco Cisco Unity Connection 14
Cisco Cisco Unity Connection 14SU1
Cisco Cisco Unity Connection 14SU2
Cisco Cisco Unity Connection 14SU3
Cisco Cisco Unity Connection 14SU3a
Cisco Cisco Unity Connection 15
Cisco Cisco Unity Connection 15SU1
Cisco Cisco Unity Connection 14SU4
Cisco Cisco Unity Connection 15SU2
Cisco Cisco Unity Connection 15SU3

References

sec.cloudapps.cisco.com /security/center/content/CiscoSecurityAdvisory/cisco-sa-unity-vulns-n2EJSbbw

{
    "lastseen": "",
    "description": "A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to redirect a user to a malicious web page.\r\n\r\nThis vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious web page.",
    "published": "2026-04-15T16:11:20.842Z",
    "modified": "2026-04-15T16:56:34.222Z",
    "type": "cve",
    "title": "Cisco Unity Connection Open Redirect Vulnerability",
    "source": "cisco",
    "references": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-unity-vulns-n2EJSbbw",
    "id": "CVE-2026-20060",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Cisco Cisco Unity Connection 14\nCisco Cisco Unity Connection 14SU1\nCisco Cisco Unity Connection 14SU2\nCisco Cisco Unity Connection 14SU3\nCisco Cisco Unity Connection 14SU3a\nCisco Cisco Unity Connection 15\nCisco Cisco Unity Connection 15SU1\nCisco Cisco Unity Connection 14SU4\nCisco Cisco Unity Connection 15SU2\nCisco Cisco Unity Connection 15SU3",
    "sourceHref": "",
    "cvss": {
        "score": 4.7,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Cisco Unity Connection",
    "version": "14",
    "vendor": "Cisco",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Description

Basic Information

Affected Product

References

💭 Join the Security Discussion ❌ Cancel Reply