CISA adds CVE-2026-12569 to KEV for PTC Windchill and FlexPLM
Public Sector Action
Summary
Hide ▲
Show ▼
CISA added CVE-2026-12569 to the KEV catalog after finding active exploitation of PTC Windchill PDMlink and PTC FlexPLM, elevating the flaw to a federal remediation priority. The listed issue is a 9.3 RCE that can let attackers run code on susceptible systems. PTC said attackers are using the flaw to deploy JSP web shells.
Related Happenings
PTC Windchill PDMlink and PTC FlexPLM actively exploited RCE (CVE-2026-12569)
Vulnerability
H score43
First: 26.06.2026 15:31
Last: 26.06.2026 15:31
Sources 1
How related:
The vulnerability in question is CVE-2026-12569 (CVSS score: 9.3), a case of improper input validation that could allow an attacker to execute arbitrary code by sending a malicious request to the network.
About this happening:
**CVE-2026-12569** in **PTC Windchill PDMlink** and **PTC FlexPLM** was added to **CISA KEV** after confirmed **active exploitation**, exposing susceptible systems to **remote cod...
PTC Windchill PDMlink and PTC FlexPLM actively exploited RCE (CVE-2026-12569)
VulnerabilityHow related: The vulnerability in question is CVE-2026-12569 (CVSS score: 9.3), a case of improper input validation that could allow an attacker to execute arbitrary code by sending a malicious request to the network.
About this happening: **CVE-2026-12569** in **PTC Windchill PDMlink** and **PTC FlexPLM** was added to **CISA KEV** after confirmed **active exploitation**, exposing susceptible systems to **remote cod...
Linux kernel XFRM ESP-in-TCP local privilege escalation (CVE-2026-46300)
Vulnerability
H score35
First: 14.05.2026 10:06
Last: 14.05.2026 10:06
Sources 1
About this happening:
**Fragnesia** adds a fresh **Linux kernel** local privilege-escalation path, putting **unprivileged local attackers** on a route to **root access** across major distributions. The...
Linux kernel XFRM ESP-in-TCP local privilege escalation (CVE-2026-46300)
VulnerabilityAbout this happening: **Fragnesia** adds a fresh **Linux kernel** local privilege-escalation path, putting **unprivileged local attackers** on a route to **root access** across major distributions. The...
Latest development: 14.05.2026 16:00
Cloud security firm Wiz identified Fragnesia (CVE-2026-46300) in the Dirty Frag family, a Linux local privilege escalation that lets unprivileged local users gain root by corrupting the kernel page cache of read-only files. William Bowling of Zellic and the V12 team were credited with the discovery, and a working proof-of-concept exploit was published on May 13, 2026.
Weaver E-cology 10.0 unauthenticated RCE flaw (CVE-2026-22679)
Vulnerability
H score46
First: 05.05.2026 01:12
Last: 05.05.2026 01:12
Sources 1
About this happening:
**CVE-2026-22679** exposed **Weaver E-cology 10.0** to unauthenticated remote code execution on builds prior to **March 12**, allowing attackers to run system commands on the serv...
Weaver E-cology 10.0 unauthenticated RCE flaw (CVE-2026-22679)
VulnerabilityAbout this happening: **CVE-2026-22679** exposed **Weaver E-cology 10.0** to unauthenticated remote code execution on builds prior to **March 12**, allowing attackers to run system commands on the serv...
Latest development: 05.05.2026 10:37
Evidence of active abuse against Weaver (Fanwei) E-cology CVE-2026-22679 dates to March 17, 2026, with QiAnXin also saying it reproduced the unauthenticated remote code execution flaw that day in its alert.
Cisco ASA/FTD code execution and authentication bypass flaws (multiple vulnerabilities)
Vulnerability
H score88
First: 24.04.2026 20:06
Last: 24.04.2026 20:06
Sources 1
About this happening:
**Cisco ASA/FTD** vulnerabilities **CVE-2025-20333** and **CVE-2025-20362** are still under **active exploitation** and can be chained for **unauthenticated remote control** of af...
Cisco ASA/FTD code execution and authentication bypass flaws (multiple vulnerabilities)
VulnerabilityAbout this happening: **Cisco ASA/FTD** vulnerabilities **CVE-2025-20333** and **CVE-2025-20362** are still under **active exploitation** and can be chained for **unauthenticated remote control** of af...
Windchill and FlexPLM deserialization RCE (CVE-2026-4681)
Vulnerability
H score28
First: 25.03.2026 01:04
Last: 25.03.2026 01:04
Sources 1
About this happening:
**CVE-2026-4681** is a critical **deserialization** flaw in **PTC Windchill** and **FlexPLM** that could enable **remote code execution** across most supported versions. PTC says...
Windchill and FlexPLM deserialization RCE (CVE-2026-4681)
VulnerabilityAbout this happening: **CVE-2026-4681** is a critical **deserialization** flaw in **PTC Windchill** and **FlexPLM** that could enable **remote code execution** across most supported versions. PTC says...
Timeline
-
26.06.2026 15:31 1 articles · 3h ago
PTC confirms JSP web shell exploitation of CVE-2026-12569
Exploitation ObservedPTC said that as of June 25 it had received continued reports of heightened threat activity and that unknown attackers were exploiting CVE-2026-12569 against susceptible PTC Windchill PDMlink and PTC FlexPLM systems to deploy JSP web shells. PTC also released IoCs including 5.180.41.35 and /Windchill/login/[0-9a-f]{16}.jsp.
Show sources
- CISA Adds Exploited PTC Windchill RCE Flaw to KEV as Web Shell Attacks Continue — thehackernews.com — 26.06.2026 15:31
-
26.06.2026 15:31 2 articles · 3h ago
CISA adds CVE-2026-12569 to KEV for PTC Windchill and FlexPLM
Legal Policy Action UpdateThe U.S. Cybersecurity and Infrastructure Security Agency added CVE-2026-12569, a 9.3 remote code execution flaw in PTC Windchill PDMlink and PTC FlexPLM, to its Known Exploited Vulnerabilities catalog after evidence of active exploitation. The listing makes the vulnerability a federal remediation priority for organizations running the affected PTC products.
Show sources
- CISA Adds Exploited PTC Windchill RCE Flaw to KEV as Web Shell Attacks Continue — thehackernews.com — 26.06.2026 15:31
- CISA Adds Exploited PTC Windchill RCE Flaw to KEV as Web Shell Attacks Continue — thehackernews.com — 26.06.2026 15:31