HomeIntelligenceBrief
VULNERABILITY BRIEF🟠 High Vulnerability

CISA Adds CVE-2026-12569 (PTC Windchill) and CVE-2026-20230 (Cisco UC Manager) to KEV Catalog Amid Active Exploitation

CISA placed two actively exploited vulnerabilities—PTC Windchill/FlexPLM input validation (CVE‑2026‑12569) and Cisco Unified Communications Manager SSRF (CVE‑2026‑20230)—into its KEV catalog. Organizations must treat these as high‑risk items, map them to SOC 2 controls, and capture remediation evidence to stay audit‑ready.

LiveThreat™ Intelligence · 📅 June 26, 2026· 📰 cisa.gov
🟠
Severity
High
VU
Type
Vulnerability
🎯
Confidence
High
🏢
Affected
1 sector(s)
Actions
4 recommended
📰
Source
cisa.gov

CISA Adds CVE‑2026‑12569 (PTC Windchill) and CVE‑2026‑20230 (Cisco Unified Communications Manager) to KEV Catalog – Active Exploitation Confirmed

What It Is — CISA announced that two vulnerabilities—an improper input‑validation flaw in PTC Windchill/FlexPLM (CVE‑2026‑12569) and a server‑side request‑forgery issue in Cisco Unified Communications Manager (CVE‑2026‑20230)—have been observed in the wild and are now listed in the Known Exploited Vulnerabilities (KEV) catalog.

Exploitability — Both CVEs have publicly documented evidence of active exploitation; CVSS scores are 8.6 (Windchill) and 9.1 (Cisco) respectively.

Affected Products — PTC Windchill and FlexPLM platforms; Cisco Unified Communications Manager (UCM) software.

Why It Matters for Compliance & Audit Readiness

  • Control‑mapping frameworks (e.g., SOC 2 CC6.1 – Secure Development) require documented evidence that input‑validation and request‑validation controls are implemented and continuously monitored.
  • A KEV listing raises the risk profile that auditors will probe; having real‑time remediation evidence shortens the audit gap and demonstrates due diligence.
  • Storing patch‑status logs and configuration snapshots in a trusted evidence repository (e.g., Verisq’s Trust Center) provides immutable proof of remediation, satisfying both BOD 26‑04 and SOC 2 readiness expectations.

Recommended Actions

  • Map CVE‑2026‑12569 and CVE‑2026‑20230 to the relevant SOC 2 controls (CC6.1, CC7.1, etc.).
  • Verify that every publicly‑exposed instance of Windchill, FlexPLM, and Cisco UCM is patched to the vendor‑released fix; capture patch‑status logs as audit evidence.
  • Deploy continuous vulnerability scanning and feed results into a control‑evidence platform for ongoing compliance monitoring.
  • Update internal vulnerability‑management policies to reflect BOD 26‑04 requirements and prioritize KEV‑catalog items.

Source: CISA Advisory – 25 June 2026

📰 Original Source
https://www.cisa.gov/news-events/alerts/2026/06/25/cisa-adds-two-known-exploited-vulnerabilities-catalog

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Trust Operations

Every gap like this maps to a control you can evidence.

The Verisq AI Trust Operations platform maps incidents to your control framework and collects the evidence continuously — so your Trust Center shows proof, not promises, when a buyer or auditor asks.

Explore the Verisq AI Trust Operations platform →