
Windchill and FlexPLM deserialization RCE (CVE-2026-4681)

Vulnerability
First reported
Last updated
Happening score: 28
1 unique source, 1 article

Summary

CVE-2026-4681 is a critical deserialization flaw in PTC Windchill and FlexPLM that could enable remote code execution across most supported versions. PTC says it is actively developing security patches while urging administrators to apply a temporary Apache/IIS rule and broader mitigations for deployments, including file/replica servers. The warning prompted an urgent response from German authorities/BKA, which reportedly told affected companies there was an imminent threat.

Related Happenings

CISA KEV directive for CVE-2026-20133

Public Sector Action
First: 21.04.2026 15:30 Last: 21.04.2026 15:30 Sources 1

About this happening: On **Monday, April 21, 2026**, **CISA** added **CVE-2026-20133** to the **KEV Catalog** and ordered **FCEB agencies** to secure their networks by **Friday, April 24**. The directi...

F5 BIG-IP APM active exploitation wave (CVE-2025-53521)

Exploitation Wave
First: 02.04.2026 11:25 Last: 02.04.2026 11:25 Sources 1

About this happening: As of **2026-04-02**, ongoing attacks are exploiting **CVE-2025-53521** against **F5 BIG-IP APM** systems, leaving more than **14,000** exposed online and at risk of remote code e...

CISA urgent mitigation order for Cisco FMC CVE-2026-20131

Advisory/Mitigation
First: 23.03.2026 12:30 Last: 23.03.2026 12:30 Sources 1

About this happening: **CISA** ordered **federal civilian agencies** to patch **CVE-2026-20131** in **Cisco Secure Firewall Management Center (FMC)** within **three days** or discontinue use if mitigat...

CISA KEV listing for Wing FTP CVE-2025-47813

Public Sector Action
First: 17.03.2026 07:23 Last: 17.03.2026 07:23 Sources 1

About this happening: CISA added **CVE-2025-47813** in **Wing FTP Server** to the **KEV catalog** after evidence of **active exploitation**, putting the flaw under formal government tracking. The listi...

CISA KEV remediation deadline for SolarWinds WHD CVE-2025-40551

Public Sector Action
First: 04.02.2026 07:50 Last: 04.02.2026 07:50 Sources 1

About this happening: **CISA** added **CVE-2025-40551** in **SolarWinds Web Help Desk** to the **KEV catalog** and imposed **federal remediation deadlines**, turning a newly exploited flaw into a compl...

Timeline

  1. 25.03.2026 01:04 2 articles · 2mo ago

    PTC warns of critical CVE-2026-4681 in Windchill and FlexPLM

    Initial Disclosure

    PTC Inc. warns of a critical vulnerability, CVE-2026-4681, in Windchill and FlexPLM that can enable remote code execution through deserialization of trusted data. The vendor says it is actively developing security patches for supported Windchill versions and recommends a temporary Apache/IIS rule and broader isolation steps for Windchill, FlexPLM, and file/replica servers. It has also published IoCs and detection guidance, including checks for `GW.class`, `payload.bin`, `dpr_<random>.jsp`, `run?p=`, `.jsp?c=`, and `GW_READY_OK`. PTC says it has no evidence of exploitation against PTC customers, while German BKA officers reportedly alerted affected companies and state criminal investigation offices about an imminent threat.