CVE-2026-20081Relative Path Traversal in Cisco Unity Connection

CWE-23Relative Path Traversal4 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.1%
top 75.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Unity Connection
Timeline
PublishedApr 15

Description

Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To exploit these vulnerabilities, the attacker must have valid administrative credentials. These vulnerabilities are due to improper sanitization of user input to the web-based management interface. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request. A successful exploit could allow the attacker to download arbitrar

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

CVEListV5cisco/cisco_unity_connection22 versions+21

🔴Vulnerability Details

3
CVEList
Cisco Unity Connection Arbitrary File Download Vulnerability2026-04-15
GHSA
GHSA-9p4v-rc38-f32h: Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system2026-04-15
VulDB
Cisco Unity Connection up to 15SU3 HTTPS path traversal (cisco-sa-unity-file-download-RmKEVWPx / EUVD-2026-22957)2026-04-15
CVE-2026-20081 — Relative Path Traversal in Cisco | cvebase