First-Ever Exploitation of PTC Windchill Vulnerability Discovered in the Wild

Threat actors have successfully exploited a vulnerability in PTC Windchill in the wild, marking the first confirmed real-world abuse of the popular product lifecycle management (PLM) platform.

The vulnerability is tracked as CVE-2026-12569 and it affects PTC’s Windchill and FlexPLM products. The improper input validation flaw can be exploited by a remote, unauthenticated attacker to execute arbitrary code via specially crafted requests.

The cybersecurity agency CISA added the security hole to its Known Exploited Vulnerabilities (KEV) catalog on Thursday, instructing federal agencies to address it by June 28.

SecurityWeek ICS Cybersecurity Conference Heads to Nashville for Special 25-Year Anniversary Edition

This is the first-ever PTC product vulnerability added to CISA’s KEV catalog, and there do not appear to be any public reports describing the exploitation of other flaws.

Threat actors have successfully exploited a vulnerability in PTC Windchill in the wild, marking the first confirmed real-world abuse of the popular product lifecycle management (PLM) platform.

The cybersecurity agency CISA added the security hole to its Known Exploited Vulnerabilities (KEV) catalog on Thursday, instructing federal agencies to address it by June 28.

SecurityWeek ICS Cybersecurity Conference Heads to Nashville for Special 25-Year Anniversary Edition

This is the first-ever PTC product vulnerability added to CISA’s KEV catalog, and there do not appear to be any public reports describing the exploitation of other flaws.

First-Ever Exploitation of PTC Windchill Vulnerability Discovered in the Wild

First-Ever Exploitation of PTC Windchill Vulnerability Discovered in the Wild

Other newsrooms on this story

Related reading

CISA Adds Exploited PTC Windchill RCE Flaw to KEV as Web Shell Attacks Continue

Exploit Code Published for Critical Flowise RCE Vulnerability

Progress Patches Critical MOVEit Automation Bug Enabling Authentication Bypass

cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor

Drupal Patches Highly Critical Vulnerability Exposing Websites to Hacking

Oracle WebLogic Vulnerability Exploited in the Wild

Other newsrooms on this story

Related reading

CISA Adds Exploited PTC Windchill RCE Flaw to KEV as Web Shell Attacks Continue

Exploit Code Published for Critical Flowise RCE Vulnerability

Progress Patches Critical MOVEit Automation Bug Enabling Authentication Bypass

cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor

Drupal Patches Highly Critical Vulnerability Exposing Websites to Hacking

Oracle WebLogic Vulnerability Exploited in the Wild