CISA orders Sunday patching of actively exploited Cisco bug

CISA Sunday – The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a Cisco Unified Communications Manager Server flaw to its Known Exploited Vulnerabilities catalog and set a hard Sunday deadline for federal agencies to remediate. The same deadline als
By Sunday, federal agencies are expected to have the same action locked in: patch Cisco Unified Communications Manager Server systems exposed to a vulnerability that’s already being used in real-world attacks.
CISA says the bug—identified as CVE-2026-20230—is being actively exploited and has been added to its Known Exploited Vulnerabilities (KEV) catalog. The flaw is a server-side request forgery (SSRF) issue. Under the Binding Operational Directive (BOD) 26-04, remediation is treated as urgent, with the deadline set for Sunday, June 28.
Cisco marked CVE-2026-20230 with critical severity and released a patch on June 3. In its advisory, the company warned the problem could be exploited remotely and without authentication via specially crafted HTTP requests. At the time, Cisco said proof-of-concept exploit code existed, but it had found no evidence of active exploitation.
That changed after threat detection startup Defused observed the vulnerability being exploited last weekend—specifically to write arbitrary text files to affected endpoints.
What makes the clock feel even tighter for defenders is that the attackers’ identity is still unclear. It is currently unknown what type of threat actor is leveraging CVE-2026-20230 in attacks.
The situation is not limited to Cisco. CISA has also added CVE-2026-12569 to the KEV catalog, another urgent target carrying a critical severity rating and a June 28 deadline for federal agencies. This second vulnerability affects PTC’s Windchill and FlexPLM—product lifecycle management (PLM) systems used in industries including manufacturing, engineering, retail, footwear, apparel, and consumer products.
CVE-2026-12569 is a remote code execution (RCE) vulnerability that can be exploited through the deserialization of untrusted data. PTC disclosed the issue on June 18 and published a security advisory, pointing customers to a complete list of vulnerable Windchill and FlexPLM versions and urging immediate remediation.
According to PTC, the flaw affects all versions up to 11.0 and multiple versions of the 11.1, 11.2, 12.0, 12.1, and 13.0 release branches.
For agencies and organizations bound by BOD 26-04, the message from CISA is direct: take immediate action by applying available security updates and vendor-recommended mitigations, or stop using the products named by the deadline.
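A deadline triage check for the BOD requirement described above, added here as an example (it is not code from CISA, Cisco, PTC or the article): it reads records in the shape of CISA's KEV JSON feed, matches them against a hypothetical asset inventory, and reports how many days remain before each due date. The feed records, their dateAdded values and requiredAction text, and the inventory are constructed samples.

```python
import json
from datetime import date

# Constructed sample in the shape of CISA's KEV JSON feed. The field names are
# the feed's real ones; the dateAdded values and requiredAction text are
# assumptions for this example, not quoted from the catalog.
KEV_SAMPLE = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2026-20230", "vendorProject": "Cisco",
     "product": "Unified Communications Manager", "dateAdded": "2026-06-25",
     "requiredAction": "Apply vendor updates or discontinue use of the product.",
     "dueDate": "2026-06-28"},
    {"cveID": "CVE-2026-12569", "vendorProject": "PTC",
     "product": "Windchill", "dateAdded": "2026-06-25",
     "requiredAction": "Apply vendor updates or discontinue use of the product.",
     "dueDate": "2026-06-28"},
    {"cveID": "CVE-2000-0001", "vendorProject": "ExampleCorp",
     "product": "Widget", "dateAdded": "2026-01-10",
     "requiredAction": "Apply vendor updates.", "dueDate": "2026-01-31"},
]})

# Hypothetical asset inventory: lowercase vendor -> set of lowercase products.
INVENTORY = {"cisco": {"unified communications manager"}, "ptc": {"windchill"}}


def kev_actions(kev_json, inventory, today_iso):
    """Return KEV entries that apply to the inventory, most urgent first.

    Each result is (cveID, vendor, product, days_left); days_left is negative
    once the due date has passed. Matching is case-insensitive and exact.
    """
    today = date.fromisoformat(today_iso)
    hits = []
    for entry in json.loads(kev_json)["vulnerabilities"]:
        vendor, product = entry["vendorProject"], entry["product"]
        if product.lower() not in inventory.get(vendor.lower(), set()):
            continue  # not deployed here, nothing to remediate
        due = date.fromisoformat(entry["dueDate"])
        hits.append((entry["cveID"], vendor, product, (due - today).days))
    return sorted(hits, key=lambda h: h[3])


def overdue(kev_json, inventory, today_iso):
    """Subset of kev_actions whose deadline has already passed."""
    return [h for h in kev_actions(kev_json, inventory, today_iso) if h[3] < 0]


if __name__ == "__main__":
    for cve, vendor, product, days in kev_actions(KEV_SAMPLE, INVENTORY,
                                                  date.today().isoformat()):
        status = "OVERDUE" if days < 0 else f"{days} day(s) left"
        print(f"{cve}: {vendor} {product}: {status}")
```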