DirtyClone CVE-2026-43503: fourth DirtyFrag-family Linux root escalation, working public PoC today, patch in mainline since May 21  ·  PTC Windchill CVE-2026-12569 CVSS 9.3 confirmed exploited with JSP webshells in industrial environments  ·  Cisco Unified CM CVE-2026-20230 hits CISA KEV with a June 28 federal deadline  ·  CYBERSIP.NET  ·  ISSUE 73
CYBERSIP™
Daily Cyber Brief  ·  Intelligence Without the Noise
Issue No. 73  ·  June 26, 2026  ·  3 active items  ·  Under 5 min read
Today’s picture
JFrog Security Research published a working exploit walkthrough today for DirtyClone, a fourth variant in the DirtyFrag family of Linux kernel privilege escalation flaws. Tracked as CVE-2026-43503 with a CVSS score of 8.8, it allows any unprivileged local user to corrupt a cached privileged binary in memory and gain root, leaving no kernel logs or audit traces behind. The patch has been in mainline Linux since May 21 and backported to stable and long-term support branches. PTC confirmed on June 25 that CVE-2026-12569, a CVSS 9.3 remote code execution flaw in its Windchill product lifecycle management and FlexPLM software, is being actively exploited with attackers deploying JSP webshells named using 16 lowercase hex characters. This is the first PTC product vulnerability to reach CISA’s Known Exploited Vulnerabilities catalog. CISA added Cisco Unified CM CVE-2026-20230 to its KEV catalog on June 25 with a federal remediation deadline of June 28, confirming that the WebDialer SSRF flaw exploited to write webshells and achieve root remains an active and unresolved risk across Unified CM deployments.
Threat snapshot
3 active items · 2 monitoring
  • DirtyClone CVE-2026-43503 / working PoC today / patch in mainline since May 21
  • PTC Windchill CVE-2026-12569 / CVSS 9.3 / exploited / JSP webshells
  • Cisco Unified CM CVE-2026-20230 / CISA KEV / June 28 deadline
3 items this issue
Today  ·  DirtyClone  ·  Working PoC
DirtyClone CVE-2026-43503: a fourth DirtyFrag-family Linux kernel root escalation with a working public PoC published today. An unprivileged user corrupts a cached setuid binary in memory via IPsec, gains root, and leaves no trace. The patch shipped in mainline on May 21.
JFrog confirmed the exploit works on default installations of Debian, Fedora, and Ubuntu. The attack is silent: it modifies the in-memory page cache copy of a binary, never touching the file on disk, so file integrity tools report nothing. The highest-risk environments are multi-tenant servers, CI runners, Kubernetes clusters, and any system where unprivileged user namespaces are enabled. Ubuntu 24.04-plus with AppArmor restricting namespaces is not directly vulnerable in its default configuration.
June 25–26  ·  PTC Windchill  ·  Exploited  ·  First KEV
PTC Windchill CVE-2026-12569 CVSS 9.3 confirmed exploited. Attackers are deploying JSP webshells named with 16 lowercase hex characters. First PTC product ever to reach CISA KEV. Patches available; patch now and audit for webshells.
PTC confirmed continued heightened threat activity as of June 25. Detection: search HTTP logs for POST requests to /Windchill/login/*.jsp, scan the filesystem for .jsp files under the codebase/login/ directory, and check for flst.txt in /tmp as a file-listing activity indicator. The attack vector is deserialization of untrusted data over the network. No authentication required.
June 25  ·  Cisco Unified CM  ·  CISA KEV  ·  Deadline Sunday
Cisco Unified CM CVE-2026-20230 added to CISA KEV with a June 28 deadline. First covered in Issue 71 when exploitation was confirmed. Unauthenticated SSRF chains to root via WebDialer file write. Disable WebDialer and patch to 14SU6 or 15SU5.
The CISA KEV addition is a formal confirmation of the active exploitation this brief documented on June 24. The June 28 deadline applies to federal agencies but signals urgency for all organizations running Cisco Unified CM with WebDialer enabled.
Detailed intelligence
Full analysis
01  ·  DirtyClone  ·  Working PoC Today
DirtyClone CVE-2026-43503: fourth DirtyFrag-family Linux kernel privilege escalation. A working exploit is public today. Any unprivileged user can reach root by corrupting a cached binary in memory without touching the disk. Patch shipped May 21.
CVE-2026-43503 · CVSS 8.8 · JFrog
JFrog Security Research published a detailed exploit walkthrough for DirtyClone on June 25, the first public demonstration of exploitation for this specific variant. The flaw allows any unprivileged local user who can acquire CAP_NET_ADMIN capability, commonly available via unprivileged user namespaces, to gain full root access by corrupting the in-memory page cache copy of a setuid binary, bypassing file integrity tools entirely.
Executive Impact
The risk is highest in multi-tenant Linux environments including shared cloud servers, Kubernetes clusters, CI/CD runners, and container hosts where multiple users or workloads share the same kernel and unprivileged user namespaces are enabled by default. Update the Linux kernel on all such systems to a version that includes the May 21 fix for CVE-2026-43503. For systems that cannot be patched immediately, the effective mitigation is to restrict unprivileged user namespaces, which removes the CAP_NET_ADMIN capability the exploit requires. On Debian and Ubuntu this is done by setting kernel.unprivileged_userns_clone to 0 via sysctl.
Don’t Miss
DirtyClone is the fourth confirmed exploitable variant in the DirtyFrag vulnerability family, which JFrog traces to a shared architectural weakness in how Linux handles socket buffer fragments that reference shared page cache memory. The four variants are Copy Fail in late April, DirtyFrag in May, Fragnesia in mid-May, and now DirtyClone. JFrog states explicitly that the underlying problem is not one bad helper function but a contract problem: every code path that moves socket buffer fragments must preserve the shared-frag bit, every time. Each variant found a path where that contract was not honored. A system is only fully protected against this entire exploitation class once the complete chain of fixes for all four variants is applied, not just the patch for any single one. Administrators should verify their kernels include fixes for every CVE in the family: CVE-2026-31431, CVE-2026-43284, CVE-2026-43500, CVE-2026-46300, and CVE-2026-43503.
CyberSip Take
Four Linux kernel root escalation variants in two months, all from the same underlying architectural weakness. The patch is available and has been since May 21. For Kubernetes clusters, CI runners, and multi-tenant servers, this is not a theoretical risk: any user or container with namespace access can turn a local foothold into root on the kernel. Update the kernel or restrict namespaces. Given that a PoC is public and this is the fourth variant in a known family, assume active exploitation of unpatched systems is underway.
How DirtyClone works

DirtyClone exploits a metadata propagation failure in the Linux kernel’s networking code. When the kernel copies a network packet internally, two helper functions, including __pskb_copy_fclone(), fail to propagate a safety flag called SKBFL_SHARED_FRAG. This flag marks packet memory as shared with a file stored on disk. When the flag is missing, downstream subsystems that perform in-place cryptographic operations, specifically IPsec via the XFRM subsystem, do not trigger the required copy-on-write before modifying the memory. They write directly into the page cache copy of the file.

An attacker exploiting this performs the following sequence: load a privileged setuid binary such as /usr/bin/su into memory, wire those memory pages into a network packet, force the kernel to clone the packet using __pskb_copy_fclone(), and route the cloned packet through an IPsec tunnel the attacker controls. The IPsec decryption step overwrites the binary’s login checks with attacker-chosen bytes. The attacker then calls su, which executes the modified in-memory version, now without authentication checks, and receives a root shell. The entire attack modifies the page cache, not the file on disk, so file integrity monitoring tools that check disk hashes report nothing unusual.

The attack requires CAP_NET_ADMIN capability to configure the IPsec tunnel. On most modern Linux distributions with unprivileged user namespaces enabled, any local user can obtain a namespace-local CAP_NET_ADMIN capability without elevated privileges. JFrog confirmed successful exploitation against default installations of Debian, Fedora, and Ubuntu. Ubuntu 24.04 and later, with AppArmor restricting namespace creation by default, is not directly vulnerable in its stock configuration.

The fix, merged to mainline Linux on May 21 as commit 48f6a5356a33 and assigned CVE-2026-43503, ensures the SKBFL_SHARED_FRAG flag is correctly propagated through __pskb_copy_fclone() and skb_shift() and additional fragment-transfer helpers. The fix was backported to stable and LTS kernel branches and is available in distribution kernel packages from Debian, Ubuntu, Fedora, Red Hat, and SUSE.
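The mitigation described above hinges on whether unprivileged user namespaces (the usual route to a namespace-local CAP_NET_ADMIN) are restricted. The following added check is not JFrog's or the kernel's code; it reads the three sysctl knobs that close that route on common distributions, and its `root` parameter is an assumption so the check can be pointed at a test tree instead of the live /proc/sys.

```python
"""Report whether unprivileged user namespace creation is restricted on a host.
Added example, not JFrog's or the kernel's code; `root` is an assumed parameter
so the check can run against a test tree instead of the live /proc/sys."""
import os
import platform

# sysctl knob -> value that closes unprivileged user namespace creation.
RESTRICTING_VALUES = {
    # Debian/Ubuntu kernel patch knob; 0 disables unprivileged userns creation
    "kernel.unprivileged_userns_clone": "0",
    # Ubuntu 23.10+ AppArmor knob; 1 is the 24.04 default the text above refers to
    "kernel.apparmor_restrict_unprivileged_userns": "1",
    # upstream knob; 0 forbids creating any user namespace at all
    "user.max_user_namespaces": "0",
}


def read_sysctl(name, root="/"):
    """Return the knob's current value as a string, or None if this kernel lacks it."""
    path = os.path.join(root, "proc", "sys", *name.split("."))
    try:
        with open(path) as f:
            return f.read().strip()
    except OSError:
        return None


def is_restricted(values):
    """True when at least one knob carries its restricting value.
    Absent knobs do not count: a kernel without the Debian patch knob is open
    unless one of the other knobs restricts it."""
    return any(values.get(k) == want for k, want in RESTRICTING_VALUES.items())


def userns_status(root="/"):
    """Return (restricted, values) where values maps each knob to what was read."""
    values = {k: read_sysctl(k, root) for k in RESTRICTING_VALUES}
    return is_restricted(values), values


def report(root="/"):
    """Human-readable status plus the sysctl to apply while a kernel update is pending."""
    restricted, values = userns_status(root)
    lines = [f"kernel {platform.release()}"]  # compare against your distro's fixed version
    for knob, value in values.items():
        lines.append(f"  {knob} = {value if value is not None else 'absent'}")
    if restricted:
        lines.append("unprivileged user namespaces: restricted")
    else:
        lines.append("unprivileged user namespaces: OPEN; until the kernel is updated, "
                     "set kernel.unprivileged_userns_clone=0 (Debian/Ubuntu) or "
                     "user.max_user_namespaces=0")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report())
```

Restricting namespaces removes the capability the exploit needs but does not fix the kernel; the check is a stopgap gauge, not a substitute for the May 21 patch.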

Recommended actions
Derived from The Hacker News and JFrog Security Research blog on DirtyClone CVE-2026-43503, June 25–26, 2026.
02  ·  PTC Windchill  ·  Exploited  ·  First PTC KEV
PTC Windchill CVE-2026-12569 CVSS 9.3 confirmed exploited. Attackers deploy JSP webshells named with 16 hex characters. Industrial and manufacturing environments running product lifecycle management software are the target. Patches available now.
CVE-2026-12569 · CVSS 9.3 · PTC
CISA added CVE-2026-12569 to its Known Exploited Vulnerabilities catalog after PTC confirmed active exploitation on June 25. The flaw is a remote code execution vulnerability in PTC Windchill PDMLink and FlexPLM software, exploitable via deserialization of untrusted data without authentication. Attackers are deploying persistent JSP webshells as the initial post-exploitation action.
Executive Impact
Organizations running PTC Windchill PDMLink or FlexPLM should apply the available patches immediately and conduct an IOC review of the application before and after patching. Windchill is deployed in manufacturing, aerospace, defense, automotive, and industrial engineering environments as the central repository for product design data, engineering specifications, and manufacturing processes. A compromise of a Windchill instance could give an attacker access to proprietary designs, production processes, and engineering data representing years of intellectual property. PTC has published specific IOC indicators and search patterns for defenders in its Trust Center advisory.
Don’t Miss
PTC provides specific detection guidance that goes beyond checking for the presence of known malicious files. The attackers are naming webshells using 16 lowercase hexadecimal characters, which means the webshell filenames change between deployments and cannot be detected by scanning for a single known filename. The correct detection approach is to search HTTP access logs for any POST request to /Windchill/login/*.jsp, since legitimate Windchill traffic does not POST to that path. Additionally, the presence of flst.txt in the /tmp directory or the Windchill working directory confirms that the attacker has already run file listing activity, indicating successful exploitation prior to webshell deployment. The attacker command and control uses a custom HTTP header, X-windchill-req, that has no legitimate use in Windchill, which makes it a reliable detection signal in HTTP logs and WAF rules.
CyberSip Take
Product lifecycle management software holds some of the most valuable intellectual property in industrial and manufacturing organizations: the actual designs and specifications for the physical things those organizations make. An unauthenticated RCE in Windchill with confirmed active exploitation and a specific attacker IOC set means patch and audit today. The IOC set PTC published is specific enough that a single HTTP log query and a filesystem scan will confirm or deny whether a given instance has been touched.
What happened

PTC updated its Trust Center advisory on June 25, 2026, confirming continued reports of heightened threat activity against CVE-2026-12569 in PTC Windchill PDMLink and FlexPLM. The vulnerability is an improper input validation flaw that can be exploited through deserialization of untrusted data by an unauthenticated attacker who can reach the Windchill server over the network. PTC rated the flaw at CVSS 9.3 and released patches for affected versions in the preceding week.

CISA added CVE-2026-12569 to its Known Exploited Vulnerabilities catalog on June 26, making it the first PTC product vulnerability to reach the catalog. Attackers exploiting the flaw are deploying JSP webshells to the Windchill application server. The webshells use filenames consisting of 16 lowercase hexadecimal characters, a technique that prevents simple signature-based detection based on specific filenames. Post-exploitation activity observed by PTC includes file listing operations, indicated by the creation of a file named flst.txt. The attacker command and control protocol uses a custom HTTP header named X-windchill-req, which has no legitimate purpose in the Windchill application.
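The PTC indicators above (POST requests to /Windchill/login/*.jsp, the X-windchill-req header, hex-named .jsp files under codebase/login/, and the flst.txt marker) translate directly into detection logic. The block below is an added example, not PTC's code: the access-log format and sample lines are constructed, and the install path used at the bottom is an assumption.

```python
"""Detection helpers for the PTC Windchill CVE-2026-12569 indicators.
Added example, not PTC's code: the access-log format and sample lines are
constructed, and the install path used in __main__ is an assumption."""
import os
import re

# Request line inside a Common/Combined Log Format entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+"')
# Legitimate Windchill traffic does not POST to /Windchill/login/*.jsp.
LOGIN_JSP_RE = re.compile(r"^/Windchill/login/[^?]+\.jsp(?:\?.*)?$")
# Attacker C2 header with no legitimate use; only visible if the proxy or WAF logs headers.
C2_HEADER_RE = re.compile(r"x-windchill-req", re.IGNORECASE)
# Webshell filenames: exactly 16 lowercase hexadecimal characters plus .jsp.
WEBSHELL_NAME_RE = re.compile(r"^[0-9a-f]{16}\.jsp$")


def scan_access_log(lines):
    """Return (line_no, reason) for every log line matching a PTC indicator."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if m and m["method"] == "POST" and LOGIN_JSP_RE.match(m["path"]):
            hits.append((n, "POST to /Windchill/login/*.jsp"))
        if C2_HEADER_RE.search(line):
            hits.append((n, "X-windchill-req header"))
    return hits


def suspicious_files(paths):
    """Return (path, reason) for paths matching PTC's filesystem indicators:
    a hex-named .jsp anywhere under codebase/login/, or a flst.txt marker."""
    found = []
    for p in paths:
        norm = "/" + p.replace("\\", "/")
        name = norm.rpartition("/")[2]
        if WEBSHELL_NAME_RE.match(name) and "/codebase/login/" in norm:
            found.append((p, "hex-named JSP webshell under codebase/login/"))
        elif name == "flst.txt":
            found.append((p, "flst.txt file-listing marker"))
    return found


def walk_files(*roots):
    """Yield every file path under the given directories (missing ones yield nothing)."""
    for root in roots:
        for dirpath, _, names in os.walk(root):
            for name in names:
                yield os.path.join(dirpath, name)


# Constructed sample log: lines 2 and 3 are attacker traffic, lines 1 and 4 are benign.
SAMPLE_LOG = """\
10.0.0.5 - - [25/Jun/2026:10:14:01 +0000] "GET /Windchill/app/ HTTP/1.1" 200 8312
198.51.100.7 - - [25/Jun/2026:10:14:03 +0000] "POST /Windchill/login/3f9a1c2e7b5d0a64.jsp HTTP/1.1" 200 512
198.51.100.7 - - [25/Jun/2026:10:14:09 +0000] "GET /Windchill/login/3f9a1c2e7b5d0a64.jsp HTTP/1.1" 200 77 hdr=X-windchill-req
10.0.0.5 - - [25/Jun/2026:10:15:40 +0000] "POST /Windchill/app/login HTTP/1.1" 302 0
""".splitlines()

if __name__ == "__main__":
    for n, reason in scan_access_log(SAMPLE_LOG):
        print(f"log line {n}: {reason}")
    # Assumed install root; point these at the real codebase/ and working directories.
    for path, reason in suspicious_files(walk_files("/opt/ptc/Windchill/codebase", "/tmp")):
        print(f"{path}: {reason}")
```

Run the log scan over the whole retention window, not just recent days, since the webshell may have been dropped before the header-based C2 traffic began.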

PTC Windchill PDMLink is a product lifecycle management platform used across the aerospace, defense, manufacturing, automotive, and industrial engineering sectors. It manages product design data, engineering specifications, bill of materials information, and manufacturing processes. The software is widely deployed in organizations that maintain sensitive proprietary designs and production intellectual property.

Recommended actions
Derived from The Hacker News, PTC Trust Center advisory, and CISA KEV catalog entry for CVE-2026-12569, June 25–26, 2026.
03  ·  Cisco Unified CM  ·  CISA KEV  ·  Deadline Sunday
Cisco Unified CM CVE-2026-20230 added to CISA KEV with a June 28 federal deadline. The unauthenticated WebDialer SSRF flaw chainable to root is confirmed exploited. Disable WebDialer and patch to 14SU6 or 15SU5.
CVE-2026-20230 · CVSS 8.6
CISA added CVE-2026-20230 to its Known Exploited Vulnerabilities catalog on June 25 with a mandatory federal remediation deadline of June 28. Active exploitation was confirmed on June 24 in Issue 71. The CISA KEV addition formalizes the urgency of patching and extends the compliance obligation to all federal civilian agencies.
Executive Impact
Federal agencies have until Sunday June 28 to remediate. Private sector organizations have no direct compliance obligation from the KEV listing, but should treat it as an immediate priority signal. Cisco Unified CM is enterprise telephony infrastructure. Any instance where WebDialer is enabled and network-accessible should be treated as requiring patching or WebDialer disablement before the weekend is over. The CVSS score of 8.6 continues to understate the end-state risk, which is full root compromise of the telephony server.
Don’t Miss
This brief documented active exploitation of CVE-2026-20230 on June 24 in Issue 71 after Defused confirmed honeypot hits. The CISA KEV addition on June 25 and the June 28 deadline represent the formal response to exploitation that was already underway. Any Unified CM instance where WebDialer was running and network-accessible during the exploitation window, which began around June 24 based on confirmed honeypot activity, should be treated as potentially compromised and audited for the IOC artifacts Cisco has identified: unexpected .jsp or .php files in web application directories, unexpected outbound connections from the Unified CM server, and the cve-2026-20230-test.txt file in /tmp that the current scanning payload leaves as a marker.
CyberSip Take
The CISA KEV deadline is Sunday. If WebDialer is enabled on any Unified CM instance in your environment, disable it today. If the patch is already in your change management queue, expedite it. This flaw was already being exploited two days ago and the federal deadline is in two days. Both of those facts apply equally regardless of whether your organization is a federal agency.
What is new

CISA added CVE-2026-20230 to its Known Exploited Vulnerabilities catalog on June 25, 2026, with a mandatory remediation deadline of June 28 for Federal Civilian Executive Branch agencies under Binding Operational Directive 26-04. The vulnerability, an unauthenticated server-side request forgery in the Cisco Unified CM WebDialer component that chains into arbitrary file write and ultimately root privilege escalation, was confirmed as actively exploited on June 24 when Defused reported honeypot exploitation activity. SSD Secure published a full technical write-up the same day showing how the WebDialer component’s handling of file:// URIs enables the attack.

Cisco has not confirmed the identity or objectives of the threat actors exploiting this vulnerability. The exploitation pattern observed on honeypots involves scanning for vulnerable instances by writing a test file to /tmp/cve-2026-20230-test.txt, which Cisco and Defused have both flagged as an indicator of compromise. The flaw only affects instances where the WebDialer service is running, and it ships disabled by default. Organizations that have confirmed WebDialer is disabled have no direct exposure to this specific vulnerability.

Recommended actions
Derived from CISA KEV catalog entry for CVE-2026-20230 and Cyber Security News reporting, June 25–26, 2026.
Still watching
Aging items · days 2–5
Items here remain operationally relevant but have no significant new developments. They drop off after 7 days.
  • Cordyceps GitHub Actions supply chain flaw (Issue 72). Named examples at Microsoft, Google, Apache, Cloudflare fixed. Pattern continues across millions of repositories. Audit CI/CD workflow trust boundaries. AI-generated YAML reproduces the insecure pattern.  ·  Day 2
  • FortiBleed (Issues 68–71). Russian IAB, multi-vendor, 19,000 active sniffers as of June 24. Patch, invalidate sessions, rotate credentials, audit for troot-style rogue accounts. Operation continues.  ·  Day 5
Cross-source standouts
01
The DirtyFrag family illustrates that a patched vulnerability class is not a closed one
DirtyFrag was patched. Fragnesia bypassed the DirtyFrag patch by finding a different flag-dropping path. The DirtyFrag patches were expanded. DirtyClone bypasses the expanded patches by exploiting yet another fragment-transfer helper that was not covered. JFrog explicitly states that the underlying problem is architectural: Linux zero-copy networking lets file-backed memory serve as packet data, and a single dropped metadata flag anywhere in a large set of fragment-handling functions turns a performance optimization into a root write primitive. The Linux kernel team has now patched five CVEs in this family across roughly two months. JFrog believes additional variants in code paths not yet audited remain possible. Organizations treating the original DirtyFrag patch as closing this exposure should verify their kernel includes all five CVEs in the family, not just the one that prompted the initial kernel update.
02
PTC Windchill reaching CISA KEV is a signal about industrial software as an attack surface
CISA described the Windchill KEV addition as the first-ever PTC product vulnerability in the catalog. PTC Windchill manages product design, engineering, and manufacturing data in exactly the industries that are most sensitive to intellectual property theft: aerospace, defense, automotive, and industrial manufacturing. The fact that this class of software has not historically attracted the attacker attention that enterprise IT platforms have received does not mean it is inherently more secure. It reflects attacker priority at a given moment in time. As geopolitical tensions focus attacker resources on defense industrial base targets, product lifecycle management systems holding engineering specifications and design data are the logical repository to target. The specific CVSS 9.3 and unauthenticated attack vector, combined with confirmed active exploitation, suggest an opportunistic exploitation campaign against a newly patched flaw rather than a targeted intrusion, but both possibilities are concerning for different reasons.
Our methodology
  • Federal cybersecurity advisories
  • Law enforcement threat bulletins
  • National vulnerability databases
  • Major vendor security advisories
  • Cross-referenced for relevance and corroboration
About CyberSip
A cyber brief for leaders and practitioners who need signal, not noise. Intelligence without the noise, published on cybersip.net.

CyberSip aggregates cybersecurity information from publicly available sources for informational purposes only. CyberSip does not provide legal, technical, incident response, or compliance advice, and makes no guarantee regarding completeness, accuracy, or timeliness. Organizations should validate all findings within their own environments and consult qualified professionals as appropriate. Original advisories, remediation guidance, and technical details remain with the referenced source organizations. Items remain active for no more than 7 days from publication unless materially updated.