## Overview
CISA added CVE-2026-12569 to its Known Exploited Vulnerabilities (KEV) catalog on June 25, 2026. This vulnerability affects PTC Windchill and FlexPLM products, allowing remote code execution (RCE) through improper input validation. The addition to the KEV list signals a federal deadline for remediation efforts.
## Technical Details
The vulnerability arises from the deserialization of untrusted data. An unauthenticated remote attacker can exploit this flaw by sending a specially crafted request to the network. This issue impacts all versions of Windchill and FlexPLM prior to 11.0 M030, as well as all CPS versions. The CVSS score for this vulnerability is 9.3, indicating a critical risk level.
## Impact
Successful exploitation of CVE-2026-12569 allows attackers to execute arbitrary code on affected systems. This could lead to unauthorized access and control over sensitive data and operations. Organizations using vulnerable versions of Windchill and FlexPLM are at significant risk, especially given the potential for widespread exploitation.
## Mitigation
Defenders should immediately update to Windchill and FlexPLM version 11.0 M030 or later. Regularly monitor for any patches or updates from PTC and ensure that all systems are running the latest software versions. Implement network security measures to detect and block malicious requests targeting these applications.
CSURFACE Threat Sensor