The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is giving federal agencies until Sunday to patch a vulnerability in Cisco Unified Communications Manager Server that is being actively exploited.
Identified as CVE-2026-20230, the security issue is server-side request forgery (SSRF) and has been added to the agency's catalog of Known Exploited Vulnerabilities (KEV).
Per Binding Operational Directive (BOD) 26-04, the remediation is deemed urgent and must be addressed by Sunday, June 28.
Cisco marked CVE-2026-20230 with critical severity and released a patch on June 3, warning that it could be exploited remotely and without authentication via specially crafted HTTP requests.
At the time, the company noted that a proof-of-concept exploit existed, but had found no evidence of active exploitation.
Last weekend, threat detection startup Defused observed the vulnerability being exploited in attacks to write arbitrary text files to affected endpoints.
It is currently unknown what type of threat actor is leveraging CVE-2026-20230 in attacks.
Critical flaw in PLM products
CISA has also added CVE-2026-12569 to the KEV catalog, an improper input validation flaw impacting the PTC Windchill and FlexPLM software products.
Both are product lifecycle management (PLM) systems developed by PTC specifically for the manufacturing, engineering, retail, footwear, apparel, and consumer products industries.