CISA Adds Two Critical Exploited Vulnerabilities to KEV Catalog, Urges Immediate Remediation
The **Cybersecurity and Infrastructure Security Agency (CISA)** has updated its **Known Exploited Vulnerabilities (KEV) Catalog** with two new entries, **CVE-2026-12569** affecting **PTC Windchill** and **FlexPLM**, and **CVE-2026-20230** impacting **Cisco Unified Communications Manager**. These vulnerabilities are actively exploited, posing significant risks that demand urgent attention from federal agencies and private organizations alike.
The **CISA** has issued a critical update to its **Known Exploited Vulnerabilities (KEV) Catalog**, adding two new vulnerabilities that are currently under active exploitation.
These additions underscore the persistent threat landscape and the importance of proactive vulnerability management for all organizations.
### Newly Added Vulnerabilities
The two vulnerabilities now listed in the **KEV Catalog** are:
* **CVE-2026-12569**: An Improper Input Validation Vulnerability affecting **PTC Windchill** and **FlexPLM** products.
* **CVE-2026-20230**: A Server-Side Request Forgery (SSRF) Vulnerability found in **Cisco Unified Communications Manager**.
Both types of vulnerabilities are frequently leveraged by malicious cyber actors and present substantial risks to enterprise security.
### Binding Operational Directive 26-04 in Focus
These additions align with **Binding Operational Directive (BOD) 26-04: Prioritizing Security Updates Based on Risk**. This directive mandates vulnerability management requirements for Federal Civilian Executive Branch (FCEB) agencies.
**BOD 26-04** emphasizes the critical role of the **KEV Catalog**, requiring federal agencies to rapidly remediate high-risk vulnerabilitiesβspecifically those listed in the catalog that, if exploited, grant total control of the asset. The directive also sets expectations for agencies to check for potential compromise before applying patches.
### A Call to Action for All Organizations
While **BOD 26-04** is binding only for **FCEB** agencies, **CISA** strongly encourages all organizations, regardless of sector, to adopt a risk-based approach to vulnerability management. Prioritizing the remediation of vulnerabilities listed in the **KEV Catalog** is a crucial step in bolstering cybersecurity defenses.
**CISA** continuously updates the catalog with vulnerabilities that meet its specific criteria, ensuring that organizations have access to the most current information on actively exploited threats.
### Nominate an Exploited Vulnerability
Organizations aware of an exploited vulnerability not yet listed in the **KEV Catalog** are encouraged to submit it for consideration through **CISA**'s **KEV Nomination Form**. To be considered, a vulnerability must have a **CVE ID**, clear evidence of active exploitation, and actionable mitigation guidance.