CISA Mandates Urgent Patching for Actively Exploited Cisco and PTC Vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency (**CISA**) has issued an urgent directive for federal agencies to patch two critical vulnerabilities: **CVE-2026-20230** in **Cisco Unified Communications Manager Server** and **CVE-2026-12569** affecting **PTC Windchill** and **FlexPLM** products. Both flaws are being actively exploited or pose significant remote code execution risks, and agencies must remediate them by June 28.

**CISA** has added two high-priority vulnerabilities to its catalog of Known Exploited Vulnerabilities (**KEV**), setting a strict deadline for federal agencies to implement patches. The directive, issued under Binding Operational Directive (**BOD**) 26-04, underscores the critical nature of these flaws and the immediate threat they pose.
### Cisco Unified Communications Manager Under Attack
One of the vulnerabilities, **CVE-2026-20230**, impacts **Cisco Unified Communications Manager Server**. This server-side request forgery (**SSRF**) flaw was initially rated as critical by **Cisco**, which released a patch on June 3. At the time, a proof-of-concept exploit was known, but no active exploitation was observed.
However, threat detection startup **Defused** recently reported active exploitation of **CVE-2026-20230**. Attackers are leveraging the vulnerability to write arbitrary text files to affected endpoints. The identity of the threat actors behind these attacks remains unknown.
Federal agencies are required to address this vulnerability by Sunday, June 28.
### Critical RCE in PTC PLM Products
**CISA** has also flagged **CVE-2026-12569**, an improper input validation flaw affecting **PTC Windchill** and **FlexPLM** software products. These product lifecycle management (**PLM**) systems are widely used across manufacturing, engineering, retail, footwear, apparel, and consumer products industries.
**CVE-2026-12569** is a critical-severity remote code execution (**RCE**) vulnerability, exploitable through the deserialization of untrusted data. **PTC** disclosed the issue on June 18, providing a security advisory with a comprehensive list of vulnerable **Windchill** and **FlexPLM** versions.
The flaw impacts all versions up to 11.0, as well as multiple releases within the 11.1, 11.2, 12.0, 12.1, and 13.0 branches. **CISA** has set the same June 28 deadline for federal agencies to patch **CVE-2026-12569**.
### Immediate Action Required
Organizations and agencies subject to **BOD 26-04** must take immediate action. This includes applying all available security updates, implementing vendor-recommended mitigations, or, if necessary, discontinuing the use of the affected products by the specified deadline. Failure to comply could leave critical infrastructure vulnerable to active exploitation.