Home

Description

A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious web page.

PUBLISHED Reserved 2025-10-08 | Published 2026-04-15 | Updated 2026-04-15 | Assigner cisco




MEDIUM: 4.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

Problem types

URL Redirection to Untrusted Site ('Open Redirect')

Product status

Default status
unknown

14
affected

14SU1
affected

14SU2
affected

14SU3
affected

14SU3a
affected

15
affected

15SU1
affected

14SU4
affected

15SU2
affected

15SU3
affected

References

sec.cloudapps.cisco.com/...ory/cisco-sa-unity-vulns-n2EJSbbw (cisco-sa-unity-vulns-n2EJSbbw)

cve.org (CVE-2026-20060)

nvd.nist.gov (CVE-2026-20060)

Download JSON