CYBERSIXT Signal Over Noise
www.cisa.gov 6/26/2026, 6:19:20 AM · external

CISA Adds Cisco UC Manager SSRF Flaw to KEV Catalog

Developing story vulnerability 13 articles tracked
Cisco Unified CM and PTC Windchill vulnerabilities exploited, added to CISA KEV
CyberSIXT Evidence Panel
Primary Source nvd.nist.gov
CVE Intel
CVE-2026-20230 - NVD CISA KEV due 2026-06-28 8.6 HIGH Patch Unknown
CISA KEV Listed in KEV
Patch Patch Status Unknown

THE Known Exploited Vulnerabilities (KEV) Catalog, maintained by CISA, serves as an authoritative resource for identifying vulnerabilities actively exploited in the wild, aimed at assisting organizations in managing vulnerabilities and threat activities. The catalog can be integrated into vulnerability management frameworks, helping prioritize risk mitigation efforts.

The catalog currently lists CVE-2026-20230, which identifies a server-side request forgery (SSRF) vulnerability in Cisco Unified Communications Manager that may allow unauthenticated remote attackers to write files to the operating system. Users are encouraged to take practical mitigations as per vendor guidelines and follow CISA's BOD 26-04 recommendations for security updates based on risk. The catalog can be accessed in various formats, including CSV and JSON.

View Primary Source Via www.cisa.gov

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline