CVE Tools
Back to feed
BleepingComputer ·EN-US News source

CISA sets urgent deadline to fix Cisco flaw exploited in attacks

By Bill Toulas··2 min read
CVE Tools coverage

CISA has issued an urgent directive for federal agencies to patch CVE-2026-20230 in Cisco Unified Communications Manager Server, a server-side request forgery (SSRF) issue that is already being exploited in the wild and is listed in CISA’s Known Exploited Vulnerabilities (KEV) catalog. Cisco rated it critical and released a fix on June 3, warning it can be triggered remotely without authentication through specially crafted HTTP requests, and researchers have reported observed attacks leveraging it to write arbitrary text files. The deadline to remediate is Sunday, June 28, and CISA also added CVE-2026-12569 to KEV for PTC Windchill and FlexPLM (improper input validation leading to remote code execution).