CISA sets urgent deadline to fix Cisco flaw exploited in attacks

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent directive to federal agencies, requiring them to patch two critical vulnerabilities by Sunday. These flaws, identified as CVE-2026-20230 and CVE-2026-12569, have already been exploited in attacks, making immediate action necessary to prevent further damage.

CVE-2026-20230 is a server-side request forgery (SSRF) vulnerability affecting Cisco’s Unified Communications Manager Server. This type of flaw lets attackers bypass security controls by manipulating HTTP requests so that the server issues requests on their behalf, potentially leading to remote code execution and data breaches. Cisco had initially downplayed the severity of this issue, but threat detection startup Defused observed it being exploited in attacks last weekend, with malicious actors writing arbitrary text files to affected endpoints.

The second vulnerability, CVE-2026-12569, is a critical-severity flaw in product lifecycle management (PLM) software from PTC. Specifically, the Windchill and FlexPLM systems contain an improper input validation issue that can be exploited through deserialization of untrusted data. This allows attackers to execute malicious code remotely, potentially compromising sensitive information. PTC disclosed this flaw on June 18 and urged customers to take immediate action.

CISA’s Binding Operational Directive (BOD) 26-04 requires federal agencies to address these vulnerabilities by Sunday, June 28. Agencies bound by this directive should prioritize patching and take necessary steps to secure their systems before the deadline. This includes applying available security updates and vendor-recommended mitigations or stopping use of affected products altogether.

The exploitation of these flaws underscores the importance of regular vulnerability assessments and timely patching. Security teams must stay vigilant and proactive in detecting and responding to threats, rather than relying on reactive measures after an attack has occurred. By prioritizing cybersecurity and staying ahead of potential threats, organizations can minimize the risk of data breaches and reputational damage.

As a practical takeaway, it’s essential for security teams to regularly test their systems and defenses against potential vulnerabilities. This includes simulating attacks through breach and attack simulation testing to identify weaknesses in SIEM and EDR rules. By taking proactive steps to secure their environment, organizations can reduce the likelihood of successful attacks and minimize the impact when breaches do occur.


Source: Bleeping Computer — 2026-06-26