Dossier
Server-Side Request Forgery
Coverage of Server-Side Request Forgery in the Nexus archive.
- Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public
Cisco has patched a server-side request forgery vulnerability (CVE-2026-20230) in Unified Communications Manager, allowing unauthenticated attackers to write files and escalate to root. Proof-of-concept exploit code is now public, though Cisco's PSIRT reports no observed attacks yet.
- LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure
A high-severity SSRF vulnerability (CVE-2026-33626) in LMDeploy, an open-source LLM deployment toolkit, was actively exploited in the wild within 13 hours of disclosure. The flaw, rated CVSS 7.5, allows attackers to access sensitive data via server-side request forgery.