
TWO security flaws impacting Cisco Unified Communications Manager and PTC Windchill have been added to the CISA Known Exploited Vulnerabilities catalogue after being observed in active attack, prompting an urgent warning for organisations that rely on these platforms.
The Cisco issue, tracked as CVE-2026-20230, is a server-side request forgery vulnerability with a CVSS v3.1 base score of 8.6 that lets an unauthenticated remote attacker write arbitrary files to the underlying operating system through the WebDialer service, a capability that can be chained to obtain root privileges on affected systems.
The PTC flaw, recorded as CVE-2026-12569, carries a CVSS v3.1 base score of 9.3 and stems from improper input validation in Windchill and FlexPLM, allowing an unauthenticated remote attacker to execute arbitrary code with the privileges of the service account simply by sending a malicious network request.
Researchers noted that proof-of-concept exploit code for the Cisco SSRF bug was weaponised within 24 hours of its public release. Analysis shows a multi-stage attack chain involving crafted HTTP requests, malicious file uploads and a second JSP web shell to achieve full control, although no specific threat actors have been linked to either vulnerability to date.
Defenders should immediately apply the latest patches released by Cisco for Unified Communications Manager versions 14 and 15, disable the WebDialer service if it is not required, restrict outbound network connections from affected servers and monitor for anomalous file-write activity or unexpected outbound traffic as recommended in the Cisco security advisory.
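As an added illustration of the monitoring advice above (example code, not from the article, Cisco or CISA), the following detector flags the two host signals a defender would watch for in this chain: a newly created .jsp file under a web-served directory and outbound connections outside an egress allowlist, and raises a combined alert when both occur within a short window. The web root, allowlist, process names and event format are constructed assumptions, not Cisco's actual paths or log schema.

```python
# Assumptions are labelled; paths, hosts and log format are constructed,
# not taken from Cisco documentation.
from dataclasses import dataclass
from typing import Optional

WEB_ROOT = "/opt/example-ucm/webapps/"  # hypothetical web-served dir; no new .jsp expected
ALLOWED_OUTBOUND = {("10.0.0.5", 389), ("10.0.0.9", 443)}  # constructed egress allowlist
CHAIN_WINDOW_S = 300  # both signals within this many seconds => treat as one chain

@dataclass(frozen=True)
class Alert:
    ts: int
    kind: str
    detail: str

def check_event(ev: dict) -> Optional[Alert]:
    """Classify one constructed event dict ({'ts', 'type', 'proc', ...})."""
    if ev["type"] == "file":
        p = ev["path"]
        # A newly created .jsp under the web root is the web-shell signal.
        if ev["op"] == "create" and p.startswith(WEB_ROOT) and p.lower().endswith(".jsp"):
            return Alert(ev["ts"], "jsp_dropped", f"{ev['proc']} created {p}")
    elif ev["type"] == "conn":
        # Egress to anything outside the allowlist is the unexpected-outbound signal.
        dest = (ev["dst"], ev["dport"])
        if dest not in ALLOWED_OUTBOUND:
            return Alert(ev["ts"], "unexpected_outbound", f"{ev['proc']} -> {dest[0]}:{dest[1]}")
    return None

def analyse(events: list) -> list:
    """Per-event alerts, plus one 'chained' alert when both signals land close together."""
    alerts = [a for a in map(check_event, sorted(events, key=lambda e: e["ts"])) if a]
    drops = [a for a in alerts if a.kind == "jsp_dropped"]
    outs = [a for a in alerts if a.kind == "unexpected_outbound"]
    if any(abs(o.ts - d.ts) <= CHAIN_WINDOW_S for o in outs for d in drops):
        ts = max(a.ts for a in drops + outs)
        alerts.append(Alert(ts, "chained", "JSP drop and unexpected egress within window"))
    return alerts

# Constructed sample telemetry, not real logs.
SAMPLE_EVENTS = [
    {"ts": 1000, "type": "conn", "proc": "tomcat", "dst": "10.0.0.5", "dport": 389},
    {"ts": 1010, "type": "conn", "proc": "tomcat", "dst": "203.0.113.7", "dport": 8080},
    {"ts": 1020, "type": "file", "proc": "tomcat", "op": "create",
     "path": "/opt/example-ucm/webapps/ROOT/cmd.jsp"},
    {"ts": 1030, "type": "file", "proc": "tomcat", "op": "modify",
     "path": "/opt/example-ucm/webapps/ROOT/index.jsp"},
]
```

Running `analyse(SAMPLE_EVENTS)` yields the outbound alert, the JSP-drop alert and the combined chain alert; a modified existing .jsp and an allowlisted connection produce nothing.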
PTC advises customers to upgrade Windchill and FlexPLM to the fixed versions as soon as they become available and to follow the mitigation steps outlined in the CISA KEV entry, noting that the remediation deadline set by the agency is 28 June 2026 for both flaws.