CVE-2026-12569: PTC Windchill and FlexPLM Improper Input Validation Vulnerability

A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill PDMlink and PTC FlexPLM. The vulnerability may be exploited through the deserialization of untrusted data.  * This advisory also applies to all CPS versions * The i...
CVE-2026-12569CVSS 9.3CISA KEVKnown Exploited

CVE-2026-12569: PTC Windchill and FlexPLM Improper Input Validation Vulnerability

A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill PDMlink and PTC FlexPLM. The vulnerability may be exploited through the deserialization of untrusted data.  * This advisory also applies to all CPS versions * The i...

CVSS
9.3 CRITICAL
EPSS
61.82%
Known exploited
yes
Product
Windchill and FlexPLM

What is known

A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill PDMlink and PTC FlexPLM. The vulnerability may be exploited through the deserialization of untrusted data.  * This advisory also applies to all CPS versions * The identified vulnerability also impacts Windchill and FlexPLM releases prior to 11.0 M030

Sources