PTC Windchill PDMlink and PTC FlexPLM actively exploited RCE (CVE-2026-12569)
Vulnerability
Summary
CVE-2026-12569 in PTC Windchill PDMlink and PTC FlexPLM was added to CISA KEV after confirmed active exploitation, exposing susceptible systems to remote code execution and JSP web shell deployment. The flaw is rated 9.3 and stems from improper input validation. PTC said patches were released last week and provided mitigation steps to help defenders block abuse and look for compromise indicators.
Related Happenings
CISA adds CVE-2026-12569 to KEV for PTC Windchill and FlexPLM
Public Sector Action
H score: 46
First: 26.06.2026 15:31
Last: 26.06.2026 15:31
Sources: 1
How related:
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical remote code execution vulnerability impacting PTC Windchill PDMlink and PTC FlexPLM enterprise Product Data Management (PDM) and Product Lifecycle Management (PLM) software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
About this happening:
CISA **added CVE-2026-12569** to the **KEV catalog** after finding **active exploitation** of **PTC Windchill PDMlink** and **PTC FlexPLM**, elevating the flaw to a federal remedi...
Timeline
- 26.06.2026 15:31 · 2 articles · 3h ago
CISA adds CVE-2026-12569 to the KEV catalog after active exploitation
Detection IoC Update: CISA places CVE-2026-12569, a 9.3-rated remote code execution flaw in PTC Windchill PDMlink and PTC FlexPLM, into the Known Exploited Vulnerabilities catalog after evidence of active exploitation against susceptible enterprise PDM and PLM deployments.
Sources:
- CISA Adds Exploited PTC Windchill RCE Flaw to KEV as Web Shell Attacks Continue — thehackernews.com — 26.06.2026 15:31
- 26.06.2026 15:31 · 1 article · 3h ago
PTC warns attackers are deploying JSP web shells against Windchill and FlexPLM systems
Technical Analysis Update: PTC says it has received continued reports of heightened threat activity and that unknown attackers are exploiting CVE-2026-12569 to deploy JSP web shells on susceptible Windchill systems. The company also published IoCs, including attacker IPs and the path pattern `/Windchill/login/[0-9a-f]{16}.jsp`, along with mitigation steps such as blocking 5.180.41.35, searching logs for POST requests to `/Windchill/login/*.jsp`, and checking for `flst.txt`.
Sources:
- CISA Adds Exploited PTC Windchill RCE Flaw to KEV as Web Shell Attacks Continue — thehackernews.com — 26.06.2026 15:31
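
The log search described in the PTC update above can be scripted. The following is an added example, not code from PTC, CISA, or the cited article. It assumes an Apache-style common/combined access-log layout; the function and tag names are hypothetical and the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit

# Indicators exactly as quoted on this page.
ADVISORY_IP = "5.180.41.35"
IOC_PATH = re.compile(r"/Windchill/login/[0-9a-f]{16}\.jsp")
LOGIN_JSP = re.compile(r"/Windchill/login/[^/]+\.jsp")  # the page's *.jsp glob

# Assumption: Apache-style common/combined access-log layout.
LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                  r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})')

def classify(line):
    """Return the list of indicator tags that one access-log line matches."""
    m = LINE.match(line)
    if not m:
        return []
    # Compare the path only: drop the query string and any ;path-parameter
    # so a suffix such as ?x=1 or ;jsessionid=... cannot hide the .jsp name.
    path = urlsplit(m["target"]).path.split(";", 1)[0]
    tags = []
    if m["ip"] == ADVISORY_IP:
        tags.append("advisory-ip")
    if IOC_PATH.fullmatch(path):
        tags.append("ioc-path")
    if m["method"] == "POST" and LOGIN_JSP.fullmatch(path):
        tags.append("post-login-jsp")
    return tags

def hunt(lines):
    """Return (line_number, tags) for every line with at least one match."""
    hits = []
    for n, line in enumerate(lines, 1):
        tags = classify(line)
        if tags:
            hits.append((n, tags))
    return hits

# Constructed sample lines, not real traffic (192.0.2.0/24 and
# 198.51.100.0/24 are documentation ranges).
SAMPLE = [
    '192.0.2.10 - - [26/Jun/2026:09:00:01 +0000] "GET /Windchill/app/ HTTP/1.1" 200 5120',
    '198.51.100.7 - - [26/Jun/2026:09:02:13 +0000] "POST /Windchill/login/0123456789abcdef.jsp?x=1 HTTP/1.1" 200 12',
    '192.0.2.44 - - [26/Jun/2026:09:03:40 +0000] "POST /Windchill/login/Custom.jsp HTTP/1.1" 404 0',
    '5.180.41.35 - - [26/Jun/2026:09:05:02 +0000] "GET /Windchill/ HTTP/1.1" 200 311',
    '192.0.2.10 - - [26/Jun/2026:09:06:00 +0000] "GET /Windchill/login/0123456789abcdef.jsp HTTP/1.1" 200 12',
]

if __name__ == "__main__":
    for n, tags in hunt(SAMPLE):
        print(f"line {n}: {', '.join(tags)}")
```

The page does not say where `flst.txt` is found, so the file check is not covered here; lines tagged `post-login-jsp` without `ioc-path` are candidates for manual review rather than confirmed indicators.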