CISA Adds Two Known Exploited Vulnerabilities to Catalog
Summary
CISA has added two new vulnerabilities, CVE-2026-12569 and CVE-2026-20230, to its Known Exploited Vulnerabilities (KEV) Catalog based on evidence of active exploitation. The vulnerabilities affect PTC Windchill/FlexPLM and Cisco Unified Communications Manager, respectively. Vulnerabilities of this kind are frequent attack vectors for malicious actors and pose significant risks.
IFF Assessment
Adding a vulnerability to CISA's KEV catalog indicates that threat actors are currently exploiting a known weakness, which presents an immediate risk to organizations.
Severity
CISA KEV: Listed as actively exploited. Federal patch due: June 28, 2026. Known ransomware use: Unknown.
Defender Context
Organizations, particularly Federal Civilian Executive Branch (FCEB) agencies, must prioritize patching these newly identified exploited vulnerabilities. Proactive vulnerability management and prompt remediation of KEV Catalog entries are crucial to mitigating active threats and reducing the attack surface.