The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two significant vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: CVE-2026-12569, a critical remote code execution vulnerability in PTC Windchill and FlexPLM with a CVSS score of 9.3, and CVE-2026-20230, a server-side request forgery vulnerability in Cisco Unified Communications Manager with a CVSS score of 8.6.
Both vulnerabilities pose serious security risks, with the potential for remote attackers to gain unauthorized access and escalate privileges. CISA has mandated that federal agencies remediate these issues by June 28, 2026, and private organizations are also encouraged to review and address these vulnerabilities in their systems.