CVE Details

CVE-2026-12569 PTC Windchill and FlexPLM Improper Input Validation Vulnerability
  • Published: 2026-06-25
  • CVSS: 9.3 CRITICAL
  • Product: PTC Windchill and FlexPLM
  • Due Date: 2026-06-28

PTC Windchill and FlexPLM contain an improper input validation vulnerability that allows an unauthenticated, remote attacker to execute arbitrary code by sending a malicious request to the network.

GitHub PoC

Warning: GitHub PoC repositories are unverified. Some may be fake or contain malware. Use caution and review code before running anything.

No GitHub PoC data.

FIRST EPSS

EPSS estimates the probability of exploitation in the next 30 days. Higher values indicate higher likelihood of real-world exploitation.

MITRE

CVSS

  • Score: 9.3
  • Severity: CRITICAL
  • Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/AU:Y/R:U/V:C/U:Red

SSVC

  • Exploitation: active
  • Automatable: yes
  • Technical Impact: total

Raw Data

Key Remaining Key Value
dataType CVE_RECORD
dataVersion 5.2
cveMetadata > cveId CVE-2026-12569
cveMetadata > assignerOrgId 0b655efc-079c-4cb9-9e8d-164871239f4e
cveMetadata > state PUBLISHED
cveMetadata > assignerShortName PTC
cveMetadata > dateReserved 2026-06-18T00:02:58.904Z
cveMetadata > datePublished 2026-06-18T00:11:35.241Z
cveMetadata > dateUpdated 2026-06-25T20:21:31.206Z
containers > cna > providerMetadata > orgId 0b655efc-079c-4cb9-9e8d-164871239f4e
containers > cna > providerMetadata > shortName PTC
containers > cna > providerMetadata > dateUpdated 2026-06-18T00:11:35.241Z
containers > cna > title Remote Code Execution (RCE) vulnerability in Windchill PDMlink
containers > cna > problemTypes > 0 > descriptions > 0 > lang en
containers > cna > problemTypes > 0 > descriptions > 0 > cweId CWE-20
containers > cna > problemTypes > 0 > descriptions > 0 > description CWE-20 Improper input validation
containers > cna > problemTypes > 0 > descriptions > 0 > type CWE
containers > cna > problemTypes > 1 > descriptions > 0 > lang en
containers > cna > problemTypes > 1 > descriptions > 0 > cweId CWE-502
containers > cna > problemTypes > 1 > descriptions > 0 > description CWE-502 Deserialization of untrusted data
containers > cna > problemTypes > 1 > descriptions > 0 > type CWE
containers > cna > impacts > 0 > capecId CAPEC-586
containers > cna > impacts > 0 > descriptions > 0 > lang en
containers > cna > impacts > 0 > descriptions > 0 > value CAPEC-586 Object Injection
containers > cna > impacts > 1 > capecId CAPEC-153
containers > cna > impacts > 1 > descriptions > 0 > lang en
containers > cna > impacts > 1 > descriptions > 0 > value CAPEC-153 Input Data Manipulation
containers > cna > affected > 0 > vendor PTC
containers > cna > affected > 0 > product Windchill PDMLink
containers > cna > affected > 0 > versions > 0 > status affected
containers > cna > affected > 0 > versions > 0 > version 0
containers > cna > affected > 0 > versions > 0 > lessThanOrEqual 11.0 M030
containers > cna > affected > 0 > versions > 0 > versionType semver
containers > cna > affected > 0 > versions > 1 > status affected
containers > cna > affected > 0 > versions > 1 > version 11.1 M020
containers > cna > affected > 0 > versions > 2 > status affected
containers > cna > affected > 0 > versions > 2 > version 11.2.1.0
containers > cna > affected > 0 > versions > 3 > status affected
containers > cna > affected > 0 > versions > 3 > version 12.0.2.0
containers > cna > affected > 0 > versions > 4 > status affected
containers > cna > affected > 0 > versions > 4 > version 12.1.2.0
containers > cna > affected > 0 > versions > 5 > status affected
containers > cna > affected > 0 > versions > 5 > version 13.0.2.0
containers > cna > affected > 0 > versions > 6 > status affected
containers > cna > affected > 0 > versions > 6 > version 13.1.0.0
containers > cna > affected > 0 > versions > 7 > status affected
containers > cna > affected > 0 > versions > 7 > version 13.1.1.0
containers > cna > affected > 0 > versions > 8 > status affected
containers > cna > affected > 0 > versions > 8 > version 13.1.2.0
containers > cna > affected > 0 > versions > 9 > status affected
containers > cna > affected > 0 > versions > 9 > version 13.1.3.0
containers > cna > affected > 0 > defaultStatus unaffected
containers > cna > affected > 1 > vendor PTC
containers > cna > affected > 1 > product FlexPLM
containers > cna > affected > 1 > versions > 0 > status affected
containers > cna > affected > 1 > versions > 0 > version 0
containers > cna > affected > 1 > versions > 0 > lessThanOrEqual 11.0 M030
containers > cna > affected > 1 > versions > 0 > versionType semver
containers > cna > affected > 1 > versions > 1 > status affected
containers > cna > affected > 1 > versions > 1 > version 11.1 M020
containers > cna > affected > 1 > versions > 2 > status affected
containers > cna > affected > 1 > versions > 2 > version 11.2.1.0
containers > cna > affected > 1 > versions > 3 > status affected
containers > cna > affected > 1 > versions > 3 > version 12.0.0.0
containers > cna > affected > 1 > versions > 4 > status affected
containers > cna > affected > 1 > versions > 4 > version 12.0.2.0
containers > cna > affected > 1 > versions > 5 > status affected
containers > cna > affected > 1 > versions > 5 > version 12.1.2.0
containers > cna > affected > 1 > versions > 6 > status affected
containers > cna > affected > 1 > versions > 6 > version 12.1.3.0
containers > cna > affected > 1 > versions > 7 > status affected
containers > cna > affected > 1 > versions > 7 > version 13.0.2.0
containers > cna > affected > 1 > versions > 8 > status affected
containers > cna > affected > 1 > versions > 8 > version 13.0.3.0
containers > cna > affected > 1 > defaultStatus unaffected
containers > cna > descriptions > 0 > lang en
containers > cna > descriptions > 0 > value A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill PDMlink and PTC FlexPLM. The vulnerability may be exploited through the deserialization of untrusted data.  * This advisory also applies to all CPS versions * The identified vulnerability also impacts Windchill and FlexPLM releases prior to 11.0 M030
containers > cna > references > 0 > url https://www.ptc.com/en/support/article/CS473270
containers > cna > references > 0 > tags > 0 vendor-advisory
containers > cna > references > 0 > tags > 1 mitigation
containers > cna > references > 0 > tags > 2 permissions-required
containers > cna > metrics > 0 > format CVSS
containers > cna > metrics > 0 > scenarios > 0 > lang en
containers > cna > metrics > 0 > scenarios > 0 > value GENERAL
containers > cna > metrics > 0 > cvssV4_0 > attackVector NETWORK
containers > cna > metrics > 0 > cvssV4_0 > attackComplexity LOW
containers > cna > metrics > 0 > cvssV4_0 > attackRequirements NONE
containers > cna > metrics > 0 > cvssV4_0 > privilegesRequired NONE
containers > cna > metrics > 0 > cvssV4_0 > userInteraction NONE
containers > cna > metrics > 0 > cvssV4_0 > vulnConfidentialityImpact HIGH
containers > cna > metrics > 0 > cvssV4_0 > subConfidentialityImpact LOW
containers > cna > metrics > 0 > cvssV4_0 > vulnIntegrityImpact HIGH
containers > cna > metrics > 0 > cvssV4_0 > subIntegrityImpact LOW
containers > cna > metrics > 0 > cvssV4_0 > vulnAvailabilityImpact HIGH
containers > cna > metrics > 0 > cvssV4_0 > subAvailabilityImpact LOW
containers > cna > metrics > 0 > cvssV4_0 > exploitMaturity NOT_DEFINED
containers > cna > metrics > 0 > cvssV4_0 > Safety NOT_DEFINED
containers > cna > metrics > 0 > cvssV4_0 > Automatable YES
containers > cna > metrics > 0 > cvssV4_0 > Recovery USER
containers > cna > metrics > 0 > cvssV4_0 > valueDensity CONCENTRATED
containers > cna > metrics > 0 > cvssV4_0 > vulnerabilityResponseEffort NOT_DEFINED
containers > cna > metrics > 0 > cvssV4_0 > providerUrgency RED
containers > cna > metrics > 0 > cvssV4_0 > version 4.0
containers > cna > metrics > 0 > cvssV4_0 > baseSeverity CRITICAL
containers > cna > metrics > 0 > cvssV4_0 > baseScore 9.3
containers > cna > metrics > 0 > cvssV4_0 > vectorString CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/AU:Y/R:U/V:C/U:Red
containers > cna > source > discovery UNKNOWN
containers > cna > x_generator > engine Vulnogram 1.0.2
containers > adp > 0 > references > 0 > url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-12569
containers > adp > 0 > references > 0 > tags > 0 government-resource
containers > adp > 0 > metrics > 0 > other > type ssvc
containers > adp > 0 > metrics > 0 > other > content > timestamp 2026-06-25T19:50:04.428642Z
containers > adp > 0 > metrics > 0 > other > content > id CVE-2026-12569
containers > adp > 0 > metrics > 0 > other > content > options > 0 > Exploitation active
containers > adp > 0 > metrics > 0 > other > content > options > 1 > Automatable yes
containers > adp > 0 > metrics > 0 > other > content > options > 2 > Technical Impact total
containers > adp > 0 > metrics > 0 > other > content > role CISA Coordinator
containers > adp > 0 > metrics > 0 > other > content > version 2.0.3
containers > adp > 0 > title CISA ADP Vulnrichment
containers > adp > 0 > providerMetadata > orgId 134c704f-9b21-4f2e-91b3-4a467353bcc0
containers > adp > 0 > providerMetadata > shortName CISA-ADP
containers > adp > 0 > providerMetadata > dateUpdated 2026-06-25T20:21:31.206Z