CVE-2026-12569 – PTC Windchill PDMLink

CVSS 9.8 CRITICAL Critical or Zero Day – Immediate Deployment

“A deserialization bug in a product lifecycle platform can quickly become a full enterprise compromise.”

PTC Windchill PDMLink has been updated to address CVE-2026-12569. This vulnerability has a CVSS score of 9.3, which is Critical severity. The issue stems from the deserialization of untrusted data and can allow remote code execution on affected systems. The vulnerability impacts Windchill PDMLink, PTC FlexPLM, all CPS versions, and Windchill and FlexPLM releases prior to version 11.0 M030.

This vulnerability is reported as being under active exploitation, making it a high-priority security issue. Organizations should prioritize deployment of the available security update to reduce the risk of remote system compromise and unauthorized code execution.

Key Details

Affected Product
Ptc Flexplm
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
CWE Classification
CWE-20
Patch this CVE on all your endpoints in under 5 minutes. First 200 endpoints are free forever, scale as needed.