【Vulnerability Alert】CISA Added 6 Known Exploited Vulnerabilities to the KEV Catalog (2026/06/22–2026/06/28)

Publish date: 2026-07-03
Update date: 2026-07-03

Source: Ministry of education information & communication security contingency platform


Publication Number: TACERT-ANA-2026062903065555
Publication Time: 2026-06-29 15:28:56
Incident Type: ANA-Vulnerability Alert
Discovery Time: 2026-06-29 15:28:56
Impact Level: Low
[Subject]
【Vulnerability Alert】CISA Added 6 Known Exploited Vulnerabilities to the KEV Catalog (2026/06/22–2026/06/28)
[Content]

Forwarded from TWCERTCC Security Advisory TWCERTCC-200-202606-00000018

【CVE-2025-67038】Lantronix EDS5000 Code Injection Vulnerability (CVSS v3.1: 9.8)
【Whether exploited by ransomware: Unknown】 Lantronix EDS5000 has a code injection vulnerability. An attacker may exploit this vulnerability to inject arbitrary operating system commands into the username parameter and execute them with root privileges.

【CVE-2026-34910】Ubiquiti UniFi OS Improper Input Validation Vulnerability (CVSS v3.1: 10.0)
【Whether exploited by ransomware: Unknown】 Ubiquiti UniFi OS has an improper input validation vulnerability. A malicious attacker with network access may exploit this vulnerability to perform a command injection attack.

【CVE-2026-34909】Ubiquiti UniFi OS Path Traversal Vulnerability (CVSS v3.1: 10.0)
【Whether exploited by ransomware: Unknown】 Ubiquiti UniFi OS has a path traversal vulnerability. A malicious attacker with network access may exploit this vulnerability to access files on the underlying system, and may further obtain access privileges to an underlying system account by manipulating or exploiting these files.

【CVE-2026-34908】Ubiquiti UniFi OS Improper Access Control Vulnerability (CVSS v3.1: 10.0)
【Whether exploited by ransomware: Unknown】 Ubiquiti UniFi OS has an improper access control vulnerability. A malicious attacker with network access may exploit this vulnerability to make unauthorized changes to the system.

【CVE-2026-12569】PTC Windchill and FlexPLM Improper Input Validation Vulnerability (CVSS v3.1: 9.8)
【Whether exploited by ransomware: Unknown】 PTC Windchill and FlexPLM have an improper input validation vulnerability. An unauthenticated remote attacker may execute arbitrary code by sending malicious requests to the network.

【CVE-2026-20230】Cisco Unified Communications Manager Server-Side Request Forgery (SSRF) Vulnerability (CVSS v3.1: 8.6)
【Whether exploited by ransomware: Unknown】 Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) have a server-side request forgery vulnerability. An unauthenticated remote attacker may exploit this vulnerability to write files to the underlying operating system and subsequently use these files to further elevate privileges to root.

Information Sharing Level: WHITE (the intelligence content is information that may be publicly disclosed)

[Affected Platform]

【CVE-2025-67038】Please refer to the affected versions listed by the official source https://www.lantronix.com/technical-support/security-updates/vulnerability-disclosure-policy/vulnerability-library/cve-2025-67038-eds-5000-eds-3000/?_gl=1*11k48gn*_up*MQ..*_ga*NzY1MzgwNjcxLjE3ODI2OTc0Nzg.*_ga_M2G6RLT5L3*czE3ODI2OTc0NzckbzEkZzEkdDE3ODI2OTc1NTckajYwJGwwJGgw

【CVE-2026-34910】Please refer to the affected versions listed by the official source https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b

【CVE-2026-34909】Please refer to the affected versions listed by the official source https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b

【CVE-2026-34908】Please refer to the affected versions listed by the official source https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b

【CVE-2026-12569】Please refer to the affected versions listed by the official source https://www.ptc.com/en/support/article/CS473270

【CVE-2026-20230】Please refer to the affected versions listed by the official source https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-ssrf-cXPnHcW

[Recommended Actions]

【CVE-2025-67038】The official source has released a fix update for the vulnerability. Please update to the relevant version https://www.lantronix.com/technical-support/security-updates/vulnerability-disclosure-policy/vulnerability-library/cve-2025-67038-eds-5000-eds-3000/?_gl=1*11k48gn*_up*MQ..*_ga*NzY1MzgwNjcxLjE3ODI2OTc0Nzg.*_ga_M2G6RLT5L3*czE3ODI2OTc0NzckbzEkZzEkdDE3ODI2OTc1NTckajYwJGwwJGgw

【CVE-2026-34910】The official source has released a fix update for the vulnerability. Please update to the relevant version https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b

【CVE-2026-34909】The official source has released a fix update for the vulnerability. Please update to the relevant version https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b

【CVE-2026-34908】The official source has released a fix update for the vulnerability. Please update to the relevant version https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b

【CVE-2026-12569】The official source has released a fix update for the vulnerability. Please update to the relevant version https://www.ptc.com/en/support/article/CS473270

【CVE-2026-20230】The official source has released a fix update for the vulnerability. Please update to the relevant version https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-ssrf-cXPnHcW

[Reference]

(This notification is for informational purposes only and does not constitute a cybersecurity incident.)
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer: Computer Center