The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is giving federal agencies until Sunday to patch a vulnerability in Cisco Unified Communications Manager Server that is being actively exploited.
Identified as CVE-2026-20230, the security issue is server-side request forgery (SSRF) and has been added to the agency’s catalog of Known Exploited Vulnerabilities (KEV).
Per Binding Operational Directive (BOD) 26-04, the remediation is deemed urgent and must addressed by Sunday, June 28.
Cisco marked CVE-2026-20230 with critical severity and released a patch on June 3, warning that it could be exploited remotely and without authentication via specially crafted HTTP requests.
At the time, the company noted that a proof-of-concept exploit existed, but had found no evidence of active exploitation.
Last weekend, threat detection startup Defused observed the vulnerability being exploited in attacks to write arbitrary text files to affected endpoints.
It is currently unknown what type of threat actor is leveraging CVE-2026-20230 in attacks.
Critical flaw in PLM products
CISA has also added CVE-2026-12569 to the KEV catalog, an improper input validation flaw impacting the PTC Windchill and FlexPLM software products.
Both are product lifecycle management (PLM) systems developed by PTC specifically for the manufacturing, engineering, retail, footwear, apparel, and consumer products industries.
CVE-2026-12569 is a critical-severity remote code execution (RCE) vulnerability that can be exploited through the deserialization of untrusted data.
PTC disclosed the issue on June 18 and published a security advisory, pointing customers to the complete list of vulnerable Windchill and FlexPLM versions and urging them to immediately take remediation steps.
According to the vendor, the flaw affects all versions up to 11.0 and multiple versions of the 11.1, 11.2, 12.0, 12.1, and 13.0 release branches.
CISA set the same June 28 deadline for federal agencies to patch CVE-2026-12569.
Agencies and organizations bound by BOD 26-04 should take immediate action to secure their systems by applying available security updates and vendor-recommended mitigations, or stop using the products mentioned by the set deadline.
Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.
The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.
