๐ฅ This vulnerability is being actively exploited in the wild (CISA Known Exploited Vulnerabilities catalog)
CVE-2026-12569: PTC Windchill and FlexPLM Improper Input Validation Vulnerability
Summary
PTC Windchill and FlexPLM contain an improper input validation vulnerability (a failure to check user input for malicious content) that allows an unauthenticated attacker to run arbitrary code (commands of the attacker's choosing) on a remote system by sending a specially crafted request. This vulnerability is actively being exploited by real attackers.
Solution / Mitigation
Apply mitigations according to vendor instructions at https://www.ptc.com/en/support/article/CS473270, following CISA's BOD 26-04 (Prioritizing Security Updates Based on Risk) guidance. If mitigations are unavailable, discontinue use of the product. Organizations must evaluate their systems' internet exposure and meet BOD 26-04 patching deadlines by 2026-06-28.
Vulnerability Details
EPSS: 0.5%
Yes
๐ฅ Actively Exploited
June 24, 2026
Classification
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-12569
First tracked: June 25, 2026 at 08:00 PM
Classified by LLM (prompt v3) ยท confidence: 95%