CRITICAL

CVE-2026-4681

CWE-94 · Published: March 23, 2026 · Updated: Mar 24, 2026

CVSS v3.1 score: 9.3
EPSS: 0.38% probability of exploitation in 30 days (59.2th percentile)

Official Description

A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill and PTC FlexPLM. The vulnerability may be exploited through the deserialization of untrusted data.

This issue affects Windchill PDMLink: 11.0 M030, 11.1 M020, 11.2.1.0, 12.0.2.0, 12.1.2.0, 13.0.2.0, 13.1.0.0, 13.1.1.0, 13.1.2.0, 13.1.3.0; FlexPLM: 11.0 M030, 11.1 M020, 11.2.1.0, 12.0.0.0, 12.0.2.0, 12.0.3.0, 12.1.2.0, 12.1.3.0, 13.0.2.0, 13.0.3.0.

Source: NVD

Technical Analysis

CVE-2026-4681 can be exploited remotely over the network without requiring physical or adjacent access, significantly expanding the attack surface for threat actors.

The vulnerability requires no privileges and no user interaction, making it a prime target for automated exploitation campaigns and worm-like propagation.

CVSS Vector Breakdown

Exploitability
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: X (not defined)
Impact
  • Confidentiality: High (VC:H)
  • Integrity: High (VI:H)
  • Availability: High (VA:H)

Published vector string (note that the score above is labelled CVSS v3.1 while the vector is in CVSS v4.0 notation):

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:M/U:Red

Exploit & PoC Resources

No known exploit: no public exploit confirmed at this time.

News & Research Mentioning CVE-2026-4681

Oracle E-Business Suite Flaw CVE-2026-46817 Actively Exploited in the Wild
The Hacker News · Jun 30, 2026

A critical security flaw impacting Oracle E-Business Suite has come under active exploitation in the wild, according to Defused Cyber. The vulnerability, tracked as CVE-2026-46817 (CVSS score: 9.8), refers to an improper privilege management and authentication flaw in Oracle Payments that could be abused to take over susceptible instances. "Easily exploitable vulnerability allows

Hackers now exploit critical Oracle E-Business flaw in attacks
BleepingComputer · Jun 29, 2026

Attackers have begun exploiting a critical vulnerability (CVE-2026-46817) in the Oracle E-Business Suite (EBS) financial application, according to threat intelligence company Defused. [...]

CISA Flags Critical PTC Vulnerability That Had German Police Mobilized
SecurityWeek · Mar 27, 2026

Police in Germany physically warned organizations about the critical PTC Windchill vulnerability tracked as CVE-2026-4681. The post CISA Flags Critical PTC Vulnerability That Had German Police Mobilized appeared first on SecurityWeek.

PTC Windchill Product Lifecycle Management
CISA Alerts · Mar 26, 2026

Successful exploitation of this vulnerability could allow an attacker to achieve remote code execution. The following versions of PTC Windchill Product Lifecycle Management are affected:
  • Windchill PDMLink 11.0_M030 (CVE-2026-4681)
  • Windchill PDMLink 11.1_M020 (CVE-2026-4681)
  • Windchill PDMLink 11.2.1.0 (CVE-2026-4681)
  • Windchill PDMLink 12.0.2.0 (CVE-2026-4681)
  • Windchill PDMLink 12.1.2.0 (CVE-2026-4681)
  • Windchill PDMLink 13.0.2.0 (CVE-2026-4681)
  • Windchill PDMLink 13.1.0.0 (CVE-2026-4681)
  • Windchill PDMLink 13.1.1.0 (CVE-2026-4681)
  • Windchill PDMLink 13.1.2.0 (CVE-2026-4681)
  • Windchill PDMLink 13.1.3.0 (CVE-2026-4681)
  • FlexPLM 11.0_M030 (CVE-2026-4681)
  • FlexPLM 11.1_M020 (CVE-2026-4681)
  • FlexPLM 11.2.1.0 (CVE-2026-4681)
  • FlexPLM 12.0.0.0 (CVE-

Quick Facts

  • CVE ID: CVE-2026-4681
  • CVSS Score: 9.3 / 10
  • Severity: CRITICAL
  • Weakness: CWE-94
  • CISA KEV: No
  • EPSS (30d): 0.38%
  • Published: Mar 23, 2026

Known Threat Actors

  • wa (financial)
  • B0 (financial)
  • pear (financial)
  • core (financial)

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-4681 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts

Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.