Critical RCE Vulnerability in PTC Windchill and FlexPLM Under Active Exploitation

First seen 29 Jun 2026, 14:59 UTC (Csoonline, Ccb.Belgium.Be)

Hackers are exploiting a critical vulnerability in PTC Windchill and FlexPLM, tracked as CVE-2026-12569, in which an unsafe deserialization flaw allows remote code execution. The affected products are product lifecycle management systems used across various industries, including defense and aerospace. PTC released patches on June 17, 2026, but reports of active exploitation have surged, prompting the US CISA to add the flaw to its Known Exploited Vulnerabilities catalog on June 25. Organizations are urged to apply the patches immediately to mitigate the risk of data theft and system compromise. The vulnerability has a CVSS severity score of 9.3, indicating a high level of danger. Indicators of compromise have been shared, and organizations are advised to enhance their monitoring capabilities.

Key Points:
• CVE-2026-12569 allows remote code execution in PTC Windchill and FlexPLM software.
• Active exploitation has been confirmed, prompting urgent patching recommendations.
• PTC has provided indicators of compromise to help organizations detect potential intrusions.

ThreatCluster AI

Timeline

2026-06-17: PTC releases patches for Windchill and FlexPLM
PTC issued updates to fix the critical vulnerability affecting multiple versions of its software. (Csoonline)

2026-06-25: CISA adds CVE-2026-12569 to KEV catalog
The US Cybersecurity and Infrastructure Security Agency confirmed active exploitation of the vulnerability. (Csoonline)

2026-06-29: CCB issues urgent patching advisory
The Centre for Cybersecurity Belgium emphasized the need for immediate patching due to confirmed exploitation. (Ccb.Belgium.Be)
