Remote Code Execution Vulnerability in PTC Windchill and FlexPLM Products
CVE-2026-4681

9.3 CRITICAL

Key Information:

Vendor: PTC
CVE Published: 23 March 2026

What is CVE-2026-4681?

A vulnerability has been discovered in PTC Windchill and FlexPLM that allows for remote code execution when an attacker exploits the deserialization of untrusted data. This can lead to unauthorized actions on the affected systems, posing significant security risks. It is crucial for users of these products to implement mitigations as recommended by PTC to safeguard against potential exploitation.

Affected Version(s)

FlexPLM 11.0 M030

FlexPLM 11.1 M020

FlexPLM 11.2.1.0

CVSS V4

Score: 9.3
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
