The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two more vulnerabilities to its Known Exploited Vulnerabilities catalog, the running list of bugs that attackers are already using in the wild. Both now carry a hard deadline for federal agencies to patch.
The two flaws are a server-side request forgery (SSRF) weakness in Cisco Unified Communications Manager, tracked as CVE-2026-20230, and an improper input validation bug in PTC Windchill and FlexPLM, tracked as CVE-2026-12569. CISA says it added both based on evidence of active exploitation, though it did not name the actors behind the attacks or describe specific intrusions.
Why this matters
An SSRF flaw lets an attacker trick a server into making requests on their behalf, which can be used to reach internal systems that should never be exposed or to pull back sensitive data. Cisco Unified Communications Manager sits at the heart of enterprise phone and collaboration systems, so a foothold there can open a path deeper into a corporate network. PTC Windchill and FlexPLM are product lifecycle management platforms used heavily in manufacturing, where they hold design data and engineering records, making them an attractive target for theft of intellectual property.
What you should do
CISA's Binding Operational Directive 26-04 requires Federal Civilian Executive Branch agencies to prioritize rapid remediation of KEV-listed flaws on internet-facing assets, and to check whether a system was already compromised before the patch went on. CISA urges every organization, not just federal agencies, to treat KEV entries as priority fixes. Apply the vendor updates from Cisco and PTC, and review logs on exposed Unified CM and Windchill instances for signs of earlier access.
This is the latest in a steady run of actively exploited enterprise bugs CISA has flagged in recent weeks. See our coverage of an earlier pair of Cisco and cPanel flaws added to the same catalog and a separate Cisco SD-WAN zero-day used to gain root access.
Indicators
- CVE-2026-20230 (Cisco Unified Communications Manager, SSRF)
- CVE-2026-12569 (PTC Windchill and FlexPLM, improper input validation)
This briefing is provided by IntelFusions for informational and defensive purposes only. It is based on sources assessed to be reliable at the time of writing, and analytic judgments carry the confidence levels indicated. Indicators of compromise are defanged; re-arm them only in controlled environments. IntelFusions is not affiliated with the organizations named and makes no warranty as to completeness or accuracy.