CISA has ordered federal agencies to patch two actively exploited critical vulnerabilities by June 28: CVE-2026-20230 in Cisco Unified Communications Manager Server and CVE-2026-12569 in PTC Windchill and FlexPLM. The first flaw is a server-side request forgery issue used to write arbitrary text files, while the second is a remote code execution bug affecting multiple PLM versions. #CVE-2026-20230 #CiscoUnifiedCommunicationsManager #CVE-2026-12569 #PTCWindchill #FlexPLM
Keypoints
- CISA added CVE-2026-20230 to the Known Exploited Vulnerabilities catalog.
- The Cisco Unified Communications Manager Server flaw is an SSRF bug under active exploitation.
- Attackers are using CVE-2026-20230 to write arbitrary text files to affected endpoints.
- CISA also listed CVE-2026-12569, a critical RCE issue in PTC Windchill and FlexPLM.
- Federal agencies must apply fixes or stop using the affected products by June 28.