- Product: Cisco Unified Communications Manager, PTC Windchill PDMLink
- Vulnerabilities: 2 flaws (CVE-2026-20230, CVE-2026-12569)
- Highest severity: 9.3 (Critical · CVSSv4)
- Worst impact: Remote Code Execution (RCE) in
- Status: 2 exploited
- Action: Update to the latest version immediately!

| CVE | CVSS | Type | Status |
|---|---|---|---|
| CVE-2026-12569 | 9.3 | Remote Code Execution (RCE) in | Exploited |
| CVE-2026-20230 | 8.6 | SSRF (CWE-918) | Exploited |

TL;DR
The CISA KEV Catalog gained two new entries on June 25, 2026. Both additions cite evidence of active exploitation. One flaw hits Cisco Unified Communications Manager. The other hits PTC Windchill and FlexPLM.
Why these CISA KEV Catalog additions matter
Both products sit deep inside enterprise networks. The Cisco flaw can hand an attacker root access. Meanwhile, the PTC flaw allows remote code execution. As a result, federal agencies must patch quickly. CISA set a remediation deadline of June 28, 2026.
How the attacks work
CVE-2026-20230 is an SSRF flaw in Cisco Unified CM’s WebDialer service. An unauthenticated attacker sends a crafted HTTP request. The server then writes files to the operating system, which can escalate to root. By contrast, CVE-2026-12569 is a deserialization flaw in PTC Windchill and FlexPLM. It lets a remote attacker run arbitrary code through a malicious request.
Affected versions
The Cisco bug affects Unified CM and Unified CM SME 14.x before 14SU6 and 15.x before 15SU5. WebDialer must be enabled, though it ships disabled by default. The PTC flaw impacts Windchill and FlexPLM releases before 11.0 M030, including all CPS versions.
Exploitation status
Researchers confirmed active attacks against the Cisco flaw, and a public proof-of-concept exists. CISA also lists the PTC Windchill flaw as exploited.
Patch and mitigation
Cisco urges upgrades to 14SU6 or 15SU5, with an interim COP patch for the 15 train. Disabling WebDialer lowers risk where patching lags. PTC users should move to release 11.0 M030 or later. Apply these fixes now to stay ahead of attackers.