
CISA adds PTC Windchill/FlexPLM, Cisco flaws to KEV

For Federal Civilian Executive Branch teams, catalog status turns vulnerability triage into a Binding Operational Directive 26-04 priority call.


TL;DR

CISA added CVE-2026-12569, an improper input validation vulnerability in PTC Windchill and FlexPLM, and CVE-2026-20230, a Cisco server-side request forgery vulnerability, to the Known Exploited Vulnerabilities (KEV) catalog based on confirmed active exploitation. Federal Civilian Executive Branch agencies must prioritize remediation under Binding Operational Directive 26-04. State CISOs and assessors get the same exploitation signal without the same mandatory federal workflow.

The operational step is narrow: identify whether CVE-2026-12569 or CVE-2026-20230 appears in the environment, especially on internet-facing systems, then remediate under the Known Exploited Vulnerabilities (KEV) catalog process. Binding Operational Directive 26-04 requires Federal Civilian Executive Branch agencies to prioritize rapid remediation of KEV-listed Common Vulnerabilities and Exposures on publicly exposed assets that grant total control after exploitation, while deferring lower-risk work. CISA also says the directive sets baseline expectations for checking whether a system was compromised before the patch landed. Organizations outside the federal directive should still treat the KEV listing as CISA's active-exploitation signal.
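The triage step described above, as an added example that is not from the article or from CISA: cross-reference scanner findings against an excerpt of the KEV feed, put internet-facing assets first, and flag entries past their BOD due date. Field names follow the real KEV JSON feed; the dates, the Cisco product string and the inventory are constructed placeholders, not values from the catalog.

```python
import json
from datetime import date

# Constructed excerpt in the shape of CISA's KEV JSON feed. Field names match the
# real feed; dates and the Cisco product string are placeholders, not catalog values.
KEV_JSON = """{
  "vulnerabilities": [
    {"cveID": "CVE-2026-12569", "vendorProject": "PTC", "product": "Windchill, FlexPLM",
     "dateAdded": "2026-01-01", "dueDate": "2026-01-22", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2026-20230", "vendorProject": "Cisco", "product": "PLACEHOLDER-PRODUCT",
     "dateAdded": "2026-01-01", "dueDate": "2026-01-22", "knownRansomwareCampaignUse": "Unknown"}
  ]
}"""

# Constructed asset inventory: one scanner finding per asset/CVE pair.
INVENTORY = [
    {"asset": "plm-portal-01", "cve": "CVE-2026-12569", "internet_facing": True},
    {"asset": "plm-dev-03", "cve": "CVE-2026-12569", "internet_facing": False},
    {"asset": "edge-mgmt-02", "cve": "CVE-2026-20230", "internet_facing": True},
    {"asset": "build-07", "cve": "CVE-2024-0000", "internet_facing": False},  # not in KEV
]


def load_kev(kev_json: str) -> dict:
    """Index the KEV feed by CVE ID so inventory lookups are O(1)."""
    return {v["cveID"]: v for v in json.loads(kev_json)["vulnerabilities"]}


def prioritize(inventory: list, kev: dict, today: str) -> list:
    """Return only KEV-listed findings, most urgent first: internet-facing assets
    before internal ones, then earliest due date. Each hit carries an overdue flag
    and a reminder that a KEV hit also calls for a prior-compromise check."""
    now = date.fromisoformat(today)
    hits = []
    for finding in inventory:
        entry = kev.get(finding["cve"])
        if entry is None:
            continue  # exploited-in-the-wild signal absent; leave in normal backlog
        due = date.fromisoformat(entry["dueDate"])
        hits.append({**finding, "vendor": entry["vendorProject"], "due": due.isoformat(),
                     "overdue": now > due, "assess_prior_compromise": True})
    # Exposed assets first; within that, the earliest due date. Sort is stable.
    hits.sort(key=lambda h: (not h["internet_facing"], h["due"]))
    return hits


if __name__ == "__main__":
    for hit in prioritize(INVENTORY, load_kev(KEV_JSON), "2026-01-10"):
        print(hit)
```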


Published · Deep Fathom

CISA adds PTC Windchill/FlexPLM, Cisco flaws to KEV — The Broadside