CVE-2026-12569 – PTC Windchill PDMLink
“A deserialization bug in a product lifecycle platform can quickly become a full enterprise compromise.”
PTC Windchill PDMLink has been updated to address CVE-2026-12569. This vulnerability has a CVSS score of 9.3, which is Critical severity. The issue stems from the deserialization of untrusted data and can allow remote code execution on affected systems. The vulnerability impacts Windchill PDMLink, PTC FlexPLM, all CPS versions, and Windchill and FlexPLM releases prior to version 11.0 M030.
This vulnerability is reported as being under active exploitation, making it a high-priority security issue. Organizations should prioritize deployment of the available security update to reduce the risk of remote system compromise and unauthorized code execution.
Key Details
- Affected Product
- Ptc Flexplm
- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- None
- User Interaction
- None
- CWE Classification
- CWE-20