CVE-2026-4681
CWE-94 · Published: March 23, 2026 · Updated: Mar 24, 2026
Official Description
A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill and PTC FlexPLM. The vulnerability may be exploited through the deserialization of untrusted data.
This issue affects Windchill PDMLink: 11.0 M030, 11.1 M020, 11.2.1.0, 12.0.2.0, 12.1.2.0, 13.0.2.0, 13.1.0.0, 13.1.1.0, 13.1.2.0, 13.1.3.0; FlexPLM: 11.0 M030, 11.1 M020, 11.2.1.0, 12.0.0.0, 12.0.2.0, 12.0.3.0, 12.1.2.0, 12.1.3.0, 13.0.2.0, 13.0.3.0.
Technical Analysis
CVE-2026-4681 can be exploited remotely over the network without requiring physical or adjacent access, significantly expanding the attack surface for threat actors.
The vulnerability requires no privileges and no user interaction, making it a prime target for automated exploitation campaigns and worm-like propagation.
News & Research Mentioning CVE-2026-4681
A critical security flaw impacting Oracle E-Business Suite has come under active exploitation in the wild, according to Defused Cyber. The vulnerability, tracked as CVE-2026-46817 (CVSS score: 9.8), refers to an improper privilege management and authentication flaw in Oracle Payments that could be abused to take over susceptible instances. "Easily exploitable vulnerability allows (Source: The Hacker News)
Attackers have begun exploiting a critical vulnerability (CVE-2026-46817) in the Oracle E-Business Suite (EBS) financial application, according to threat intelligence company Defused. [...] (Source: BleepingComputer)
Police in Germany physically warned organizations about the critical PTC Windchill vulnerability tracked as CVE-2026-4681. (Source: SecurityWeek, "CISA Flags Critical PTC Vulnerability That Had German Police Mobilized")
Summary: Successful exploitation of this vulnerability could allow an attacker to achieve remote code execution. The following versions of PTC Windchill Product Lifecycle Management are affected:
- Windchill PDMLink 11.0_M030 (CVE-2026-4681)
- Windchill PDMLink 11.1_M020 (CVE-2026-4681)
- Windchill PDMLink 11.2.1.0 (CVE-2026-4681)
- Windchill PDMLink 12.0.2.0 (CVE-2026-4681)
- Windchill PDMLink 12.1.2.0 (CVE-2026-4681)
- Windchill PDMLink 13.0.2.0 (CVE-2026-4681)
- Windchill PDMLink 13.1.0.0 (CVE-2026-4681)
- Windchill PDMLink 13.1.1.0 (CVE-2026-4681)
- Windchill PDMLink 13.1.2.0 (CVE-2026-4681)
- Windchill PDMLink 13.1.3.0 (CVE-2026-4681)
- FlexPLM 11.0_M030 (CVE-2026-4681)
- FlexPLM 11.1_M020 (CVE-2026-4681)
- FlexPLM 11.2.1.0 (CVE-2026-4681)
- FlexPLM 12.0.0.0 (CVE-

(Source: CISA Alerts)
Recommended Actions
- Apply vendor patches immediately
- Monitor CVE-2026-4681 in threat intel feeds
- Review IDS/IPS signatures for exploitation attempts