# CISA adds actively exploited Cisco Unified CM SSRF CVE-2026-20230 to KEV catalog, federal agencies ordered to patch by Sunday

_Friday, June 26, 2026 at 6:23 PM EDT · Cybersecurity · Latest · Tier 2 — Notable_

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is giving federal agencies until Sunday to patch an actively exploited vulnerability in Cisco Unified Communications Manager Server. Tracked as CVE-2026-20230, the flaw is a server-side request forgery (SSRF) issue and has been added to the agency's catalog of Known Exploited Vulnerabilities (KEV). Per Binding Operational Directive 26-04, the remediation is deemed urgent and must be addressed by Sunday, June 28.

Cisco marked CVE-2026-20230 with critical severity and released a patch on June 3, warning that it could be exploited remotely and without authentication via specially crafted HTTP requests. Last weekend, threat detection startup Defused observed the vulnerability being exploited in attacks to write arbitrary text files to affected endpoints. It is currently unknown what type of threat actor is leveraging CVE-2026-20230 in attacks.

CISA has also added CVE-2026-12569 to the KEV catalog, an improper input validation flaw impacting PTC Windchill and FlexPLM software products. Federal agencies face the same June 28 deadline to patch CVE-2026-12569.

## Sources

- [BleepingComputer](https://www.bleepingcomputer.com/)

---
Canonical: https://techandbusiness.org/newswire/dwShKCC5FBZlnWiQ1Q5oCU
Retrieved: 2026-06-27T01:25:57.274Z
Publisher: Tech & Business (techandbusiness.org)
