CVE-2026-12569

Severity CVSS v4.0:
CRITICAL
Type:
CWE-20 Input Validation
Publication date:
18/06/2026
Last modified:
30/06/2026

Description

A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill PDMlink and PTC FlexPLM. The vulnerability may be exploited through the deserialization of untrusted data.  * This advisory also applies to all CPS versions<br /> * The identified vulnerability also impacts Windchill and FlexPLM releases prior to 11.0 M030

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:ptc:flexplm:*:*:*:*:*:*:*:* 11.0m030 (including)
cpe:2.3:a:ptc:flexplm:11.1m020:*:*:*:*:*:*:*
cpe:2.3:a:ptc:flexplm:11.2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ptc:flexplm:12.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ptc:flexplm:12.0.2.0:*:*:*:*:*:*:*
cpe:2.3:a:ptc:flexplm:12.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:ptc:flexplm:13.0.2.0:*:*:*:*:*:*:*
cpe:2.3:a:ptc:flexplm:13.0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:ptc:windchill_pdmlink:*:*:*:*:*:*:*:* 11.0m030 (excluding)
cpe:2.3:a:ptc:windchill_pdmlink:11.0m030:-:*:*:*:*:*:*
cpe:2.3:a:ptc:windchill_pdmlink:11.1m020:-:*:*:*:*:*:*
cpe:2.3:a:ptc:windchill_pdmlink:11.2.1.0:-:*:*:*:*:*:*
cpe:2.3:a:ptc:windchill_pdmlink:12.0.2.0:-:*:*:*:*:*:*
cpe:2.3:a:ptc:windchill_pdmlink:12.1.2.0:-:*:*:*:*:*:*
cpe:2.3:a:ptc:windchill_pdmlink:13.0.2.0:-:*:*:*:*:*:*