Cisco Product Security Update Advisory

Security updates have been released to address vulnerabilities found in Cisco products. the targets are Cisco Unity Connection, Cisco CNC, Cisco Crosswork Network Controller, and Cisco Network Services Orchestrator.

• A remote code execution vulnerability (CVE-2026-20034) and a server-side request forgery (SSRF) vulnerability (CVE-2026-20035) in Cisco Unity Connection are addressed.
• affected Versions of Cisco Unity Connection are 12.5 and earlier, 14.0, and 15.0.
• A denial of service (DoS, an attack that disrupts normal service) vulnerability (CVE-2026-20188) has been resolved in Cisco Crosswork Network Controller and Cisco Network Services Orchestrator.
• affected Versions of Cisco CNC are 7.1 and earlier, 6.3 and earlier, and 6.4.

the Vulnerability Patch was made available in the latest update. Cisco Unity Connection responds by migrating to a fixed release or applying 14SU5, 15SU4, or patch files. Cisco CNC responds by migrating to the corrected release or updating to 6.4.1.3. users of affected products should update to the latest version of the Vulnerability Patch.