CVE-2026-20060 MEDIUM

CVE-2026-20060: Cisco Unity Connection Open Redirect Vulnerability

Vendor Cisco
Product Cisco Unity Connection
Weakness CWE-601 · Open redirect
Published April 15, 2026
Last update April 15, 2026
View on NVD All CVEs

CVSS base score

4.7/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

What the vulnerability does

01Description

A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious web page.

Key dates

02Disclosure timeline

April 15, 2026 CVE published
April 15, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-24847 OpenEMR has Open Redirect in Eye Exam Form CVE-2026-25392 WordPress Update URLs – Quick and Easy way to search old links and replace them with new links in WordPress plugin <= 1.4.0 - Open Redirection vulnerability CVE-2026-20123 Cisco Prime Infrastructure and Evolved Programmable Network Manager Open Redirect Vulnerability CVE-2024-42341 Loway - CWE-601: URL Redirection to Untrusted Site ('Open Redirect') CVE-2024-6377 URL redirection to untrusted site (open redirect) vulnerability affecting 3DPassport in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x