By Ionut Arghire
Publication Date: 2026-05-07 11:24:00
Cisco on Wednesday announced patches for multiple vulnerabilities across its enterprise products, including five high-severity bugs.
Two high-severity issues, tracked as CVE-2026-20034 and CVE-2026-20035, which could lead to server-side request forgery (SSRF) attacks, were resolved in Cisco Unity Connection.
Rooted in the insufficient validation of user-supplied input and specific HTTP requests, the flaws could be exploited by remote, authenticated attackers to execute arbitrary code as root or send network requests sourced from the affected device.
Cisco addressed a high-severity defect (CVE-2026-20185) in the Simple Network Management Protocol (SNMP) subsystem of SG350 and SG350X switches that could be exploited to cause a denial-of-service (DoS) condition.
Improper error handling during the parsing of response data for a specific SNMP request could allow attackers to reload the device, the company explains.
“This vulnerability affects SNMP versions 1, 2c,…
