Skip to content

PTC Windchill: Critical Remote Code Execution Vulnerability Under Active Exploitation

Key Point: The critical deserialization vulnerability CVE-2026-12569 in PTC Windchill PDMLink is being actively exploited; attackers are installing web shells and targeting sensitive design and engineering data in defense, aerospace, and automotive sectors.

Attackers are currently exploiting a vulnerability classified as CVE-2026-12569 in PTC Windchill and FlexPLM, two PLM systems with over 1.5 million users worldwide. The vulnerability enables remote code execution and is rated CVSS 9.3.

Vulnerability CVE-2026-12569 affects the web-based PDMLink component of Windchill and is an unsafe deserialization flaw with a CVSS rating of 9.3. It enables remote code execution without authentication. PTC informed customers on June 17 and subsequently released patches for versions 13.1.1, 13.0.2, 12.1.2, 12.0.2, 11.2.1, 11.1 M020, and 11.0 M030.

PTC warned the following Thursday of increased threat activity and updated compromise indicators. Reports show that attackers are deploying web shells on compromised instances to establish persistent backdoor access. On the same day, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability to its catalog of known exploited vulnerabilities.

PLM systems are critical for enterprises: they manage the entire product lifecycle from design to retirement and store CAD designs, bills of materials, engineering data, and workflows. Windchill has been in use for 28 years and is employed by corporations such as BMW, Lockheed Martin, Boeing, and NVIDIA. FlexPLM is a variant for retail, textiles, footwear, and consumer goods industries.

Active exploits of PLM software are rare but understandable: these systems contain highly sensitive intellectual property and operate in sectors such as defense and aerospace that are attractive targets for cyber espionage and extortion. The German Federal Office for Information Security (BSI) already warned in March about a different Windchill zero-day vulnerability and personally informed German companies overnight due to reliable intelligence about planned cyberattacks.


Source: www.csoonline.com · Published June 27, 2026
Lumi AI News — AI-assisted curation in accordance with Article 50 EU AI Act. Paraphrasing and classification by Lumi News Pipeline v1.7.1.

Share on: