CVE-2026-20060Open Redirect in Cisco Unity Connection

CWE-601Open Redirect4 documents4 sources
Severity
4.7MEDIUMNVD
EPSS
0.0%
top 94.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Unity Connection
Timeline
PublishedApr 15

Description

A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious web page.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages1 packages

CVEListV5cisco/cisco_unity_connection10 versions+9

🔴Vulnerability Details

3
GHSA
GHSA-wxm9-c4v7-5x34: A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to redirect a user to2026-04-15
CVEList
Cisco Unity Connection Open Redirect Vulnerability2026-04-15
VulDB
Cisco Unity Connection up to 15SU3 Web-based Management Interface Request redirect (cisco-sa-unity-vulns-n2EJSbbw / EUVD-2026-22953)2026-04-15
CVE-2026-20060 — Open Redirect in Cisco | cvebase