Critical RCE Vulnerability in Windchill and FlexPLM Triggers Urgent Alerts

Severity: High (Score: 74.8)

Sources: Thecyberexpress, Securityaffairs.Co, Bleepingcomputer, Heise.De

Summary

PTC Inc. has disclosed a critical vulnerability, CVE-2026-4681, in its Windchill and FlexPLM software that allows for remote code execution through the deserialization of trusted data. The vulnerability has been assigned a CVSS score of 10.0, indicating its severity. German authorities have taken emergency measures, dispatching federal police to warn affected companies, even those not using the software.

Currently, no official patches are available, but PTC is actively developing them. Until patches are released, system administrators are advised to implement a specific mitigation strategy to deny access to the affected servlet paths. The vulnerability affects most supported versions of Windchill and FlexPLM, and there are indicators of compromise suggesting potential exploitation attempts. PTC has not confirmed any successful attacks but has warned of an imminent threat from a third-party group. The situation is critical due to the software's use in sectors like industrial manufacturing and critical supply chains.

Key Points:

  • CVE-2026-4681 allows remote code execution in Windchill and FlexPLM software.
  • German authorities are actively warning companies about the vulnerability's imminent threat.
  • No patches are currently available; immediate mitigation measures are recommended.

Key Entities

  • Malware (attack_type)
  • Remote Code Execution (attack_type)
  • Zero-day Exploit (attack_type)
  • CVE-2026-4681 (cve)
  • Manufacturing (industry)
  • T1190 - Exploit Public-Facing Application (mitre_attack)
  • T1505.003 - Web Shell (mitre_attack)
  • Apache (platform)
  • Apache HTTP Server (platform)
  • FlexPLM (platform)
  • IIS (platform)
  • Microsoft IIS (platform)
  • C818011CAFF82272F8CC50B670304748984350485383EBAD5206D507A4B44FF1 (sha256)