Cisco Unity Connection Web Inbox Server-Side Request Forgery Vulnerability

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in the web UI of Cisco Unity Connection Web Inbox. It allows an unauthenticated, remote attacker to send arbitrary network requests from the affected device. The issue arises from improper input validation of certain HTTP requests. A successful exploit could let the attacker conduct SSRF attacks, potentially accessing internal services or resources from the perspective of the affected device.

Impact

Exploitation of this vulnerability could allow an attacker to perform server-side request forgery (SSRF) attacks, sending arbitrary network requests from the affected device.

Remediation

Users can upgrade to Cisco Unity Connection releases 14SU5 or 15SU4 to address this vulnerability. For Cisco Unity Connection 15.0, a specific patch is available. Instructions for downloading this patch are included in the advisory.

Added: May 6, 2026, 6:52 PM
Updated: May 6, 2026, 6:52 PM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 0.4
exploitability: 6.4
remediation: 7.7
relevance: 7.6
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.