4.3
/ 10
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Description
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to perform an SQL injection attack against an affected device. To exploit this vulnerability, the attacker must have valid user credentials on the affected device.
This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP(S) request to the web-based management interface of an affected device. A successful exploit could allow the attacker to view data on the affected device.
This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP(S) request to the web-based management interface of an affected device. A successful exploit could allow the attacker to view data on the affected device.
Basic Information
ID
CVE-2026-20061
Source
cisco
Published
Apr 15, 2026 at 16:11
Modified
Apr 15, 2026 at 16:56
Affected Product
Vendor
Cisco
Product
Cisco Unity Connection
Version
14
Affected Versions
Cisco Cisco Unity Connection 14
Cisco Cisco Unity Connection 14SU1
Cisco Cisco Unity Connection 14SU2
Cisco Cisco Unity Connection 14SU3
Cisco Cisco Unity Connection 14SU3a
Cisco Cisco Unity Connection 15
Cisco Cisco Unity Connection 15SU1
Cisco Cisco Unity Connection 14SU4
Cisco Cisco Unity Connection 15SU2
Cisco Cisco Unity Connection 15SU3
Cisco Cisco Unity Connection 14SU5
Cisco Cisco Unity Connection 14SU1
Cisco Cisco Unity Connection 14SU2
Cisco Cisco Unity Connection 14SU3
Cisco Cisco Unity Connection 14SU3a
Cisco Cisco Unity Connection 15
Cisco Cisco Unity Connection 15SU1
Cisco Cisco Unity Connection 14SU4
Cisco Cisco Unity Connection 15SU2
Cisco Cisco Unity Connection 15SU3
Cisco Cisco Unity Connection 14SU5