logo

CISA Adds Cisco Unified CM and PTC Windchill Flaws to KEV Catalog

ID: 4ae5a2f9-6a96-52c6-9f5b-4d7cfaa03b4f

STIX ID: report--4ae5a2f9-6a96-52c6-9f5b-4d7cfaa03b4f

Feed Name: securityonline.info

Threat Score
90/100

Date Published: 2026-06-26

Date Updated: 2026-06-26

Author: Do Son

...
...

Two high-severity vulnerabilities were added to CISA's KEV catalog on June 25, 2026 with evidence of active exploitation: CVE-2026-20230 (an SSRF in Cisco Unified Communications Manager WebDialer that can lead to file writes and root escalation) and CVE-2026-12569 (a deserialization RCE in PTC Windchill and FlexPLM). CISA set a June 28, 2026 remediation deadline; vendors provide fixes (upgrade Cisco to 14SU6/15SU5 or apply interim COP and/or disable WebDialer; upgrade PTC to 11.0 M030) and immediate patching/mitigation is strongly recommended.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.