CRITICAL · CISA KEV · IN THE WILD

CVE-2026-12569

CWE-20 · Published: June 18, 2026 · Updated: Jun 22, 2026

9.3
CVSS v3.1

Official Description

A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill PDMlink and PTC FlexPLM. The vulnerability may be exploited through the deserialization of untrusted data.

* This advisory also applies to all CPS versions
* The identified vulnerability also impacts Windchill and FlexPLM releases prior to 11.0 M030

NVD Source

Technical Analysis

CVE-2026-12569 can be exploited remotely over the network without requiring physical or adjacent access, significantly expanding the attack surface for threat actors.

The vulnerability requires no privileges and no user interaction, making it a prime target for automated exploitation campaigns and worm-like propagation.

CISA has added CVE-2026-12569 to the Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation in the wild. U.S. federal agencies are required to patch this within the mandated timeframe, and all organizations should treat remediation as urgent.

CVSS v3.1 Vector Breakdown

Exploitability
Attack Vector: Network
Attack Complexity: Low
Privileges Req.: None
User Interaction: None
Scope: X
Impact
Confidentiality
Integrity
Availability
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:X/U:Red

Exploit & PoC Resources

ACTIVE EXPLOITATION: Confirmed exploitation in the wild

News & Research Mentioning CVE-2026-12569

First-Ever Exploitation of PTC Windchill Vulnerability Discovered in the Wild
SecurityWeek · Jun 26, 2026

CISA has added the remote code execution flaw CVE-2026-12569 to its Known Exploited Vulnerabilities catalog.

CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA Alerts · Jun 25, 2026

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.

  • CVE-2026-12569 PTC Windchill and FlexPLM Improper Input Validation Vulnerability
  • CVE-2026-20230 Cisco Unified Communications Manager Server-Side Request Forgery (SSRF) Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 26-04: Prioritizing Security Updates Based on Risk establishes vulnerability management requirements for Federal Civilian Executive Branch (FCEB) agencies. BOD 26-04 reinforces the importance of the KEV Catalog and requires federal agencies to prioritize rapid remedi

Quick Facts

CVE ID: CVE-2026-12569
CVSS Score: 9.3 / 10
Severity: CRITICAL
Weakness: CWE-20
CISA KEV: YES — Active Exploitation
Exploit: IN THE WILD
Published: Jun 18, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-12569 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
  • CISA KEV: Federal agencies must patch per BOD 22-01 timeline
  • Active exploitation confirmed — treat as P1

Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.