CVE-2026-12569: PTC Windchill And FlexPLM

What is CVE-2026-12569?

PTC Windchill and FlexPLM contains an improper input validation vulnerability allowing an unauthenticated, remote attacker to execute arbitrary code by sending a malicious request to the network.

CVSSawaiting NVD

Exploitation In the wild In CISA KEV

EPSS<1% · P39

Triage statusActive Exploit

ActionPatch immediately

CISA Known Exploited Vulnerability

PTC Windchill and FlexPLM Improper Input Validation Vulnerability

Added to KEV2026-06-25

Federal patch deadline2026-06-28

Known ransomware useUnknown

Affected product

PTC Windchill And FlexPLM

Remediation Steps

Apply PTC security updates to affected Windchill and Flex deployments
Prioritize patching for internet-facing or externally accessible instances
Review authentication logs for unauthorized access attempts
Implement network segmentation to isolate PLM (Product Lifecycle Management) systems

References

Coverage on defend.network

Vulnerability Priority Report – Week 4 of June 2026 (June 22 – 28)

🤖 This CVE page is generated by defend.network from NVD, CISA KEV, EPSS, and our verified daily briefings. Severity and exploitation data come from official sources; always verify remediation steps against the official vendor advisory before acting in production.