CVE-2026-12569
PTC Windchill and FlexPLM Improper Input Validation Vulnerability - [Actively Exploited]
Description
A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill PDMlink and PTC FlexPLM. The vulnerability may be exploited through the deserialization of untrusted data. * This advisory also applies to all CPS versions * The identified vulnerability also impacts Windchill and FlexPLM releases prior to 11.0 M030
INFO
Published Date :
June 18, 2026, 1:18 a.m.
Last Modified :
June 30, 2026, 6:16 p.m.
Remotely Exploit :
Yes !
Source :
0b655efc-079c-4cb9-9e8d-164871239f4e
CISA KEV (Known Exploited Vulnerabilities)
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.
PTC Windchill and FlexPLM contains an improper input validation vulnerability allowing an unauthenticated, remote attacker to execute arbitrary code by sending a malicious request to the network.
Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
Unknown
https://www.ptc.com/en/support/article/CS473270 ; BOD 26-04: https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk ; Forensics Triage Requirements: https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk ; https://nvd.nist.gov/vuln/detail/CVE-2026-12569
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| CVSS | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | |||||
| CVSS 3.1 | CRITICAL | [email protected] | ||||
| CVSS 4.0 | CRITICAL | 0b655efc-079c-4cb9-9e8d-164871239f4e | ||||
| CVSS 4.0 | CRITICAL | 0b655efc-079c-4cb9-9e8d-164871239f4e |
Solution
- Apply the latest security patch or update from PTC.
- Ensure all affected CPS versions are updated.
- Verify the security configuration for deserialization.
Public PoC/Exploit Available at Github
CVE-2026-12569 has a 1 public
PoC/Exploit available at Github.
Go to the Public Exploits tab to see the list.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2026-12569.
| URL | Resource |
|---|---|
| https://www.ptc.com/en/support/article/CS473270 | Permissions Required |
| https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-12569 | US Government Resource |
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2026-12569 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2026-12569
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Awesome Splunk SPL hunt queries that can be used to detect the latest vulnerability exploitation attempts & subsequent compromise
detection splunk bpfdoor vulnerability text4shell detection-engineering esxi-malware esxi-ransomware rtm-locker arcanedoor line-runner cve-2024-20353 cve-2024-20359 line-dancer cve-2026-12569
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2026-12569 vulnerability anywhere in the article.
-
TheCyberThrone
When PLM Becomes a Threat Surface: KEV Entry Matters Beyond IT
For years, Product Lifecycle Management (PLM) platforms have quietly sat at the heart of manufacturing ecosystems — managing designs, engineering workflows, product data, and supplier collaboration.Th ... Read more
-
The Hacker News
CISA Adds Exploited PTC Windchill RCE Flaw to KEV as Web Shell Attacks Continue
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical remote code execution vulnerability impacting PTC Windchill PDMlink and PTC FlexPLM enterprise Product Dat ... Read more
-
security.nl
Kritiek lek in PTC Windchill en FlexPLM actief misbruikt bij aanvallen
Een kritieke kwetsbaarheid in PTC Windchill en FlexPLM wordt actief bij aanvallen misbruikt, zo waarschuwen het Amerikaanse cyberagentschap CISA en PTC. Via het beveiligingslek (CVE-2026-12569) is rem ... Read more
The following table lists the changes that have been made to the
CVE-2026-12569 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Jun. 30, 2026
Action Type Old Value New Value Changed SSVC {'id': 'CVE-2026-12569', 'role': 'CISA Coordinator', 'options': [{'exploitation': 'active'}, {'automatable': 'yes'}, {'technicalImpact': 'total'}], 'version': '2.0.3', 'timestamp': '2026-06-25T00:00:00+00:00'} {'id': 'CVE-2026-12569', 'role': 'CISA Coordinator', 'options': [{'exploitation': 'active'}, {'automatable': 'yes'}, {'technicalImpact': 'total'}], 'version': '2.0.3', 'timestamp': '2026-06-26T03:56:12.541322Z'} -
Initial Analysis by [email protected]
Jun. 26, 2026
Action Type Old Value New Value Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Added CPE Configuration OR *cpe:2.3:a:ptc:flexplm:11.2.1.0:*:*:*:*:*:*:* *cpe:2.3:a:ptc:flexplm:12.0.0.0:*:*:*:*:*:*:* *cpe:2.3:a:ptc:flexplm:12.0.2.0:*:*:*:*:*:*:* *cpe:2.3:a:ptc:flexplm:12.1.3.0:*:*:*:*:*:*:* *cpe:2.3:a:ptc:flexplm:13.0.2.0:*:*:*:*:*:*:* *cpe:2.3:a:ptc:flexplm:13.0.3.0:*:*:*:*:*:*:* *cpe:2.3:a:ptc:flexplm:*:*:*:*:*:*:*:* versions up to (including) 11.0m030 *cpe:2.3:a:ptc:flexplm:11.1m020:*:*:*:*:*:*:* Added CPE Configuration OR *cpe:2.3:a:ptc:windchill_pdmlink:13.1.0.0:*:*:*:*:*:*:* *cpe:2.3:a:ptc:windchill_pdmlink:13.1.2.0:*:*:*:*:*:*:* *cpe:2.3:a:ptc:windchill_pdmlink:13.1.3.0:*:*:*:*:*:*:* *cpe:2.3:a:ptc:windchill_pdmlink:11.1m020:-:*:*:*:*:*:* *cpe:2.3:a:ptc:windchill_pdmlink:11.2.1.0:-:*:*:*:*:*:* *cpe:2.3:a:ptc:windchill_pdmlink:12.0.2.0:-:*:*:*:*:*:* *cpe:2.3:a:ptc:windchill_pdmlink:12.1.2.0:-:*:*:*:*:*:* *cpe:2.3:a:ptc:windchill_pdmlink:13.0.2.0:-:*:*:*:*:*:* *cpe:2.3:a:ptc:windchill_pdmlink:13.1.1.0:-:*:*:*:*:*:* *cpe:2.3:a:ptc:windchill_pdmlink:*:*:*:*:*:*:*:* versions up to (excluding) 11.0m030 *cpe:2.3:a:ptc:windchill_pdmlink:11.0m030:-:*:*:*:*:*:* Added Reference Type CISA-ADP: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-12569 Types: US Government Resource Added Reference Type PTC: https://www.ptc.com/en/support/article/CS473270 Types: Permissions Required -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Jun. 26, 2026
Action Type Old Value New Value Changed SSVC {'id': 'CVE-2026-12569', 'role': 'CISA Coordinator', 'options': [{'exploitation': 'active'}, {'automatable': 'yes'}, {'technicalImpact': 'total'}], 'version': '2.0.3', 'timestamp': '2026-06-25T19:50:04.428642Z'} {'id': 'CVE-2026-12569', 'role': 'CISA Coordinator', 'options': [{'exploitation': 'active'}, {'automatable': 'yes'}, {'technicalImpact': 'total'}], 'version': '2.0.3', 'timestamp': '2026-06-25T00:00:00+00:00'} -
CVE CISA KEV Update by 9119a7d8-5eab-497f-8521-727c672e3725
Jun. 25, 2026
Action Type Old Value New Value Added Date Added 2026-06-25 Added Due Date 2026-06-25 Added Required Action 2026-06-25 Added Vulnerability Name 2026-06-25 -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Jun. 25, 2026
Action Type Old Value New Value Added Reference https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-12569 Changed SSVC {'id': 'CVE-2026-12569', 'role': 'CISA Coordinator', 'options': [{'exploitation': 'none'}, {'automatable': 'yes'}, {'technicalImpact': 'total'}], 'version': '2.0.3', 'timestamp': '2026-06-18T13:04:49.552005Z'} {'id': 'CVE-2026-12569', 'role': 'CISA Coordinator', 'options': [{'exploitation': 'active'}, {'automatable': 'yes'}, {'technicalImpact': 'total'}], 'version': '2.0.3', 'timestamp': '2026-06-25T19:50:04.428642Z'} -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Jun. 18, 2026
Action Type Old Value New Value Added SSVC {'id': 'CVE-2026-12569', 'role': 'CISA Coordinator', 'options': [{'exploitation': 'none'}, {'automatable': 'yes'}, {'technicalImpact': 'total'}], 'version': '2.0.3', 'timestamp': '2026-06-18T13:04:49.552005Z'} -
New CVE Received by 0b655efc-079c-4cb9-9e8d-164871239f4e
Jun. 18, 2026
Action Type Old Value New Value Added Affected [{'vendor': 'PTC', 'product': 'Windchill PDMLink', 'versions': [{'status': 'affected', 'version': '0', 'versionType': 'semver', 'lessThanOrEqual': '11.0 M030'}, {'status': 'affected', 'version': '11.1 M020'}, {'status': 'affected', 'version': '11.2.1.0'}, {'status': 'affected', 'version': '12.0.2.0'}, {'status': 'affected', 'version': '12.1.2.0'}, {'status': 'affected', 'version': '13.0.2.0'}, {'status': 'affected', 'version': '13.1.0.0'}, {'status': 'affected', 'version': '13.1.1.0'}, {'status': 'affected', 'version': '13.1.2.0'}, {'status': 'affected', 'version': '13.1.3.0'}], 'defaultStatus': 'unaffected'}, {'vendor': 'PTC', 'product': 'FlexPLM', 'versions': [{'status': 'affected', 'version': '0', 'versionType': 'semver', 'lessThanOrEqual': '11.0 M030'}, {'status': 'affected', 'version': '11.1 M020'}, {'status': 'affected', 'version': '11.2.1.0'}, {'status': 'affected', 'version': '12.0.0.0'}, {'status': 'affected', 'version': '12.0.2.0'}, {'status': 'affected', 'version': '12.1.2.0'}, {'status': 'affected', 'version': '12.1.3.0'}, {'status': 'affected', 'version': '13.0.2.0'}, {'status': 'affected', 'version': '13.0.3.0'}], 'defaultStatus': 'unaffected'}] Added Description A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill PDMlink and PTC FlexPLM. The vulnerability may be exploited through the deserialization of untrusted data. * This advisory also applies to all CPS versions * The identified vulnerability also impacts Windchill and FlexPLM releases prior to 11.0 M030 Added CVSS V4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:X/U:Red Added CWE CWE-20 Added CWE CWE-502 Added Reference https://www.ptc.com/en/support/article/CS473270