{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-20061", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2025-10-08T11:59:15.356Z", "datePublished": "2026-04-15T16:11:20.865Z", "dateUpdated": "2026-04-15T16:56:34.089Z"}, "containers": {"cna": {"title": "Cisco Unity Connection SQL Injection Vulnerability", "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}}], "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to perform an SQL injection attack against an affected device. To exploit this vulnerability, the attacker must have valid user credentials on the affected device.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP(S) request to the web-based management interface of an affected device. A successful exploit could allow the attacker to view data on the affected device."}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-unity-vulns-n2EJSbbw", "name": "cisco-sa-unity-vulns-n2EJSbbw"}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "source": {"advisory": "cisco-sa-unity-vulns-n2EJSbbw", "discovery": "EXTERNAL", "defects": ["CSCwq36796"]}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "type": "cwe", "cweId": "CWE-89"}]}], "affected": [{"vendor": "Cisco", "product": "Cisco Unity Connection", "versions": [{"version": "14", "status": "affected"}, {"version": "14SU1", "status": "affected"}, {"version": "14SU2", "status": "affected"}, {"version": "14SU3", "status": "affected"}, {"version": "14SU3a", "status": "affected"}, {"version": "15", "status": "affected"}, {"version": "15SU1", "status": "affected"}, {"version": "14SU4", "status": "affected"}, {"version": "15SU2", "status": "affected"}, {"version": "15SU3", "status": "affected"}, {"version": "14SU5", "status": "affected"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2026-04-15T16:11:20.865Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-20061", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-15T16:42:14.106646Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-15T16:56:34.089Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-20061", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-15T16:42:14.106646Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-15T16:56:14.498Z"}}], "cna": {"title": "Cisco Unity Connection SQL Injection Vulnerability", "source": {"defects": ["CSCwq36796"], "advisory": "cisco-sa-unity-vulns-n2EJSbbw", "discovery": "EXTERNAL"}, "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "Cisco", "product": "Cisco Unity Connection", "versions": [{"status": "affected", "version": "14"}, {"status": "affected", "version": "14SU1"}, {"status": "affected", "version": "14SU2"}, {"status": "affected", "version": "14SU3"}, {"status": "affected", "version": "14SU3a"}, {"status": "affected", "version": "15"}, {"status": "affected", "version": "15SU1"}, {"status": "affected", "version": "14SU4"}, {"status": "affected", "version": "15SU2"}, {"status": "affected", "version": "15SU3"}, {"status": "affected", "version": "14SU5"}], "defaultStatus": "unknown"}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-unity-vulns-n2EJSbbw", "name": "cisco-sa-unity-vulns-n2EJSbbw"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to perform an SQL injection attack against an affected device. To exploit this vulnerability, the attacker must have valid user credentials on the affected device.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP(S) request to the web-based management interface of an affected device. A successful exploit could allow the attacker to view data on the affected device."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cwe", "cweId": "CWE-89", "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2026-04-15T16:11:20.865Z"}}}, "cveMetadata": {"cveId": "CVE-2026-20061", "state": "PUBLISHED", "dateUpdated": "2026-04-15T16:56:34.089Z", "dateReserved": "2025-10-08T11:59:15.356Z", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "datePublished": "2026-04-15T16:11:20.865Z", "assignerShortName": "cisco"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*", "matchCriteriaId": "6DAF417F-F480-4A4D-845B-8338776FF253", "versionEndIncluding": "12.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unity_connection:14.0:*:*:*:*:*:*:*", "matchCriteriaId": "A85D56C0-D4A3-43A7-9CD1-FCEB6C8AEF66", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unity_connection:14su1:*:*:*:*:*:*:*", "matchCriteriaId": "774C01A1-9328-45E8-9BDD-470A10BC3C2A", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unity_connection:14su2:*:*:*:*:*:*:*", "matchCriteriaId": "CD8AB4B5-12C2-4F02-A4C3-4B8C06AFFD53", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unity_connection:14su3:*:*:*:*:*:*:*", "matchCriteriaId": "181866CE-6279-4422-8EF8-7A12DB5B21F6", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unity_connection:14su3a:*:*:*:*:*:*:*", "matchCriteriaId": "7B70BACC-B771-4049-8A55-3B277913DEEF", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unity_connection:14su4:*:*:*:*:*:*:*", "matchCriteriaId": "D09F3655-B513-48F6-82A8-F0F946C52D25", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unity_connection:14su5:*:*:*:*:*:*:*", "matchCriteriaId": "E51AF0FF-016D-4F20-8F88-0E70D18C375C", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unity_connection:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "97CC6719-1A7F-48BA-8014-802E235ED80D", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unity_connection:15su1:*:*:*:*:*:*:*", "matchCriteriaId": "2C9412EC-282C-4926-83F8-932E24E0FC22", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unity_connection:15su2:*:*:*:*:*:*:*", "matchCriteriaId": "37EFE547-7D3C-4D71-8D46-2C5734B9D64B", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unity_connection:15su3:*:*:*:*:*:*:*", "matchCriteriaId": "CE6AF25B-E6F9-4E15-902D-4516DFE8C8E2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to perform an SQL injection attack against an affected device. To exploit this vulnerability, the attacker must have valid user credentials on the affected device.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP(S) request to the web-based management interface of an affected device. A successful exploit could allow the attacker to view data on the affected device."}], "id": "CVE-2026-20061", "lastModified": "2026-04-28T16:30:48.730", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "psirt@cisco.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-04-15T17:17:01.433", "references": [{"source": "psirt@cisco.com", "tags": ["Vendor Advisory"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-unity-vulns-n2EJSbbw"}], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "psirt@cisco.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "14"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "14SU1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "14SU2"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "14SU3"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "14SU3a"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "15"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "15SU1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "14SU4"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "15SU2"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "15SU3"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "14SU5"}}], "enrichment": {"confidence": 88.0, "confidence_source": "matching", "scores": [{"score": 88.0, "source": "matching"}]}, "original": {"product": "Cisco Unity Connection", "source": "cna", "vendor": "Cisco"}, "product": "unity_connection", "vendor": "cisco"}], "analysis": {"en": {"generated_at": "2026-04-15T22:18:01.956799+00:00", "value": {"mitigation_remediation": ["Apply the latest Cisco Unity Connection patch or firmware revision that addresses the SQL injection flaw.", "Reduce the attack surface by restricting public or external access to the web\u2011based management interface and enforce least\u2011privilege access for user accounts.", "Continuously monitor authentication logs for unusual activity."], "summary": {"action": "Apply Patch", "impact": "Confidential Data Disclosure"}, "threat_synthesis": {"affected_systems": "The vendor and product affected is Cisco Unity Connection. Specific version information is not publicly disclosed in the available advisory, so all installations of Cisco Unity Connection that remain unpatched are potentially vulnerable unless a later update contains a fix.", "description_and_impact": "A vulnerability in the web\u2011based management interface of Cisco Unity Connection permits an authenticated remote attacker to inject SQL statements by sending a specially crafted HTTP(S) request. The flaw stems from insufficient validation of user\u2011supplied input, consistent with CWE\u201189. Successful exploitation enables the attacker to read data stored on the affected device, thereby compromising the confidentiality of that information. The impact is limited to disclosure; there is no evidence of privilege escalation or execution of arbitrary code.", "risk_and_exploitability": "The CVSS score of 4.3 indicates a moderate overall rating. EPSS data is not available, and the vulnerability is not listed in CISA's KEV catalog, suggesting the exploit has not been observed in the wild. Attackers must possess valid credentials and use the web management interface, suggesting the attack vector is remote but authenticated. Inferred from the description, the attacker can send crafted requests over the network to perform the injection. The risk level is moderate, with the primary concern being unauthorized data access rather than system compromise."}}}}, "created": "2026-04-15T21:00:09.463595+00:00", "updated": "2026-04-15T22:30:16.055971+00:00", "vendors": ["cisco", "cisco$PRODUCT$unity_connection"]}