Cisco patched a critical Unified CM flaw with public PoC code that allows unauthenticated attackers to launch SSRF attacks remotely.
Cisco has addressed a high-severity vulnerability, tracked as CVE-2026-20230, affecting Unified CM and Unified CM SME. The flaw, caused by improper validation of certain HTTP requests, allows a remote attacker without authentication to perform server-side request forgery (SSRF) attacks. Cisco warns that public PoC code is available and that successful exploitation could allow attackers to write files that may later be used to gain root privileges.
“This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device.” reads the advisory. “A successful exploit could allow the attacker to write files to the underlying operating system that could be used later to elevate to root.”
Cisco rated this advisory as Critical instead of High because successful exploitation could allow an attacker to escalate privileges to root. However, the risk depends on configuration: the vulnerability can only be exploited if the WebDialer service is enabled, which is disabled by default on affected systems.
There is no full workaround for this vulnerability. Cisco recommends mitigating risk by disabling the WebDialer service until a patch is applied. Administrators can do this through the Cisco Unified CM Administration interface by going to Cisco Unified Serviceability, opening Service Activation under Tools, and unchecking the Cisco WebDialer Web Service option in the CTI Services section before saving the changes.
Below are the fixed releases:
Cisco Unified CM and Unified CM SME Release
First Fixed Release
14
14SU6
15
15SU5 (Sep 2026) or COP1
Cisco confirms that PoC exploit code for the vulnerability is publicly available. However, the Cisco PSIRT is not aware of attacks in the wild exploiting this issue.
“The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability described in this advisory.” concludes the advisory.”The Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory.”
Another week has passed, and Apex is still the top thriller on Netflix and the No. 1 movie in the streamer’s current top 10. Audiences are loving the cat-and-mouse battle between Charlize Theron’s rock climber and Taron Egerton’s serial killer. It will be interesting to see what movie inevitably knocks it down to second place.
If you’re searching for more thrillers, then you’ve come to the right place. Our top recommendation is the fifth entry into one of Hollywood’s iconic horror series. The other movies on this list include a little-seen survival thriller with an A-plus cast and a feature film adaptation of a post-apocalyptic novel. Stream all three of these movies on Netflix in the U.S.
3
Eden
Survival on the island
What the heck happened to Eden? The survival thriller premiered at the 2024 Toronto International Film Festival and entered limbo immediately after due to its lack of distribution. Nearly a year passed before Vertical finally released Eden in theaters on August 22, 2025. You would think that this movie had an easy sell—recognizable actors stuck on an island, with chaos ensuing. I’m still baffled as to why a major studio didn’t pick it up in the United States.
Eden is inspired by true events surrounding the residents of Floreana Island in the 1930s. Dr. Friedrich Ritter (Jude Law) leaves Germany and moves to Floreana Island with Dore Strauch (Vanessa Kirby). They are eventually joined by Margret Wittmer (Sydney Sweeny), Heinz Wittmer (Daniel Brühl), and Eloise Bosquet de Wagner Wehrhorn (Ana de Armas). Tensions rise as the competing families vie for control of the island, resulting in fatal decisions that lead to multiple tragedies. Eden certainly has some Lord of the Flies elements in its story.
Again, I’m shocked this movie was dumped in August instead of receiving a traditional rollout from a popular studio. Admittedly, Eden has its flaws and heavily leans into melodrama much to its detriment. Still, it’s an entertaining thriller supported by a stacked cast that is much better than it’s given credit for.
2
Leave the World Behind
Technology becomes the villain
What would happen if the collapse of technology led to the end of the world? That’s part of the premise of Leave the World Behind, Sam Esmail’s 2023 psychological thriller for Netflix. The movie is based on Rumaan Alam’s novel of the same name. Right when an oil tanker crashes on the shore, something is not right in Leave the World Behind.
Amanda Sandford (Julia Roberts) is on vacation with her husband Clay (Ethan Hawke) and two children when inexplicable occurrences, like the oil tanker crash, begin happening. The root of the issue is a nationwide blackout that has caused widespread panic. Amanda and Clay are forced to grapple with their trust issues after the arrival of the vacation home’s owner, George H. “G.H.” Scott (Mahershala Ali), and his daughter, Ruth (Myha’la).
Some may view Leave the World Behind as a warning to humanity, which feels ill-equipped to handle a devastating cyberattack. Others might watch strictly for its entertainment purposes. I fell somewhere in the middle. There are some relevant messages about the apocalypse, social inequality, and societal standards. It’s also a great cast of talented performers who elevate the source material. I don’t think the film depicts what actually would happen in a disaster, but it’s certainly fun (and scary) to predict the future.
1
Scream
I would like to play another game
To clarify, I’m referring to 2022’sScream, informally known as Scream V. It’s a nightmare scenario for anyone like myself, who has to write an article about the fifth Scream installment. For bookkeeping purposes, I’m calling it Scream V. Part of the reason for the similar title to the first movie is because Scream V restarted the franchise after an 11-year hiatus. It’s not a reboot or a remake, but a continuation of the series.
The film opens with a similar sequence to 1996’s Scream, where an unsuspecting high school student, Tara Carpenter (Jenna Ortega), is attacked by a new Ghostface killer in Woodsboro. Tara’s half-sister, Sam (Melissa Barrera), returns to town and learns that Tara’s friend group is now being targeted by Ghostface. If you’re dealing with Ghostface, there’s only one person to call for help: Sidney Prescott (Neve Campbell), who has survived the killer’s multiple attempts at her life.
I was surprisingly impressed with Radio Silence’s take on Scream. These reboots are typically cash grabs and a way for studios to exploit the IP of a popular entity. Scream V plays the hits—close calls, gory kills, and a propensity for dark humor. For me, it works as one of the franchise’s best entries. I thought Scream was done following Scream 4. Now, you’re probably going to get Scream VIII in a few years.
More Netflix movies to watch
Two new Netflix movies, My Dearest Assassin and Remarkably Bright Creatures, arrive at week’s end just in time for the weekend. You can also stream classic Oscar-winning movies, including Roma and Glory. No matter what you choose, chances are you’ll be occupied for the foreseeable future with Netflix content.
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
June 04, 2026
