Remote Code Execution in PTC Windchill PDMlink and FlexPLM
CVE-2026-12569
Key Information:
- Vendor: PTC
- CVE Published: 18 June 2026
What is CVE-2026-12569?
CVE-2026-12569 is a critical remote code execution (RCE) vulnerability affecting PTC Windchill PDMlink and PTC FlexPLM, product lifecycle management (PLM) applications that organizations use to manage product data, processes, and lifecycles. The vulnerability arises from deserialization of untrusted data: the affected software reconstructs objects from attacker-controlled input, which allows an attacker to execute arbitrary code on the affected system. Successful exploitation can give an attacker unauthorized access to and control over the system, jeopardizing sensitive information and organizational operations. The flaw affects not only the versions listed below but also older releases prior to 11.0 M030, so a larger set of users relying on these products is impacted.
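As an added defensive illustration (this is not PTC's code and does not describe the Windchill or FlexPLM fix), the following Java program shows the standard mitigation pattern for the vulnerability class named above, deserialization of untrusted data: a `java.io.ObjectInputFilter` allowlist that rejects any class not explicitly expected before its deserialization logic runs, together with depth and size limits. The `PartRecord` type, the limits, and the `ArrayList` stand-in for an unexpected payload are all hypothetical values constructed for the example; only the JDK API calls are real (Java 9 or later).

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.ArrayList;

public class DeserializationFilterDemo {

    // Hypothetical application type that a PLM-style service might legitimately accept.
    static final class PartRecord implements Serializable {
        private static final long serialVersionUID = 1L;
        final String partNumber;
        final int revision;

        PartRecord(String partNumber, int revision) {
            this.partNumber = partNumber;
            this.revision = revision;
        }
    }

    // Allowlist filter (hypothetical limits): only PartRecord and String may be
    // materialised. The trailing "!*" rejects every other class, so an unexpected
    // class embedded in the stream is refused before any of its code executes.
    // maxdepth/maxbytes bound the resources a single stream can consume.
    static final ObjectInputFilter ALLOWLIST = ObjectInputFilter.Config.createFilter(
            "maxdepth=8;maxbytes=65536;"
            + "DeserializationFilterDemo$PartRecord;java.lang.String;!*");

    // Helper used only to build sample streams for the demonstration.
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    // Deserialises with the allowlist applied. A rejected class surfaces as
    // InvalidClassException ("filter status: REJECTED") and no object is created.
    static Object deserialize(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            ois.setObjectInputFilter(ALLOWLIST);
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Expected input: accepted by the filter.
        byte[] good = serialize(new PartRecord("PN-1001", 3));
        PartRecord pr = (PartRecord) deserialize(good);
        System.out.println("accepted: " + pr.partNumber + " rev " + pr.revision);

        // Constructed stand-in for an unexpected payload. ArrayList is harmless,
        // but it is not on the allowlist, so it is refused exactly as an
        // unexpected class from an untrusted source would be.
        byte[] unexpected = serialize(new ArrayList<String>());
        try {
            deserialize(unexpected);
            System.out.println("BUG: unexpected class was accepted");
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The design point is that the decision is made per class as the stream is parsed, before constructors or `readObject` methods of the incoming class run, which is the stage at which untrusted-deserialization attacks gain code execution. An allowlist of expected types, rather than a denylist of known-bad ones, is the form that stays correct as new gadget classes are discovered; in production the same filter can be applied process-wide with `ObjectInputFilter.Config.setSerialFilter` or the `jdk.serialFilter` system property.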
Potential impact of CVE-2026-12569
- Unauthorized System Access: Exploitation of this vulnerability can grant attackers the ability to run arbitrary code on affected systems, potentially allowing them to gain administrative privileges and access confidential data.
- Data Breaches: With the capability to execute remote code, attackers may extract sensitive information, leading to significant data breaches that can result in loss of intellectual property and regulatory repercussions for organizations.
- Operational Disruption: The ability to compromise critical product lifecycle management systems can lead to system downtime and operational disruption, affecting an organization's productivity and ability to deliver products or services effectively.
CISA has reported CVE-2026-12569
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2026-12569 as being exploited; it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace.
CISA's recommendation is: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA's BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA's "Forensics Triage Requirements" (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
Affected Version(s)
- FlexPLM 0 <= 11.0 M030 (all releases up to 11.0 M030)
- FlexPLM 11.1 M020
- FlexPLM 11.2.1.0
News Articles
- CISA sets urgent deadline to fix Cisco flaw exploited in attacks (1 day ago): The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is giving federal agencies until Sunday to patch a vulnerability in Cisco Unified Communications Manager Server that is being actively exploited.
- CISA Adds Exploited PTC Windchill RCE Flaw to KEV as Web Shell Attacks Continue (1 day ago): CISA added CVE-2026-12569 to its KEV catalog as attackers exploit the PTC Windchill flaw to deploy JSP web shells.
- First-Ever Exploitation of PTC Windchill Vulnerability Discovered in the Wild, IT Security News (2 days ago): CISA has added the remote code execution flaw CVE-2026-12569 to its Known Exploited Vulnerabilities catalog. Originally published by SecurityWeek.
Timeline
- 📈 Vulnerability started trending
- 📰 First article discovered by IT Security News
- 👾 Exploit known to exist
- 🦅 CISA reported
- Vulnerability published
- Vulnerability reserved
