CVE-2026-12569

A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill PDMlink and PTC FlexPLM. The vulnerability may be exploited through the deserialization of untrusted data. * This advisory also applies to all CPS versions * The identified vulnerability also impacts Windchill and FlexPLM releases prior to 11.0 M030

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.ptc.com/en/support/article/CS473270	Permissions Required
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-12569	US Government Resource

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ptc:flexplm::::::::
	cpe:2.3:a:ptc:flexplm:11.1m020:::::::*
	cpe:2.3:a:ptc:flexplm:11.2.1.0:::::::*
	cpe:2.3:a:ptc:flexplm:12.0.0.0:::::::*
	cpe:2.3:a:ptc:flexplm:12.0.2.0:::::::*
	cpe:2.3:a:ptc:flexplm:12.1.3.0:::::::*
	cpe:2.3:a:ptc:flexplm:13.0.2.0:::::::*
	cpe:2.3:a:ptc:flexplm:13.0.3.0:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:ptc:windchill_pdmlink::::::::
	cpe:2.3:a:ptc:windchill_pdmlink:11.0m030:-::::::
	cpe:2.3:a:ptc:windchill_pdmlink:11.1m020:-::::::
	cpe:2.3:a:ptc:windchill_pdmlink:11.2.1.0:-::::::
	cpe:2.3:a:ptc:windchill_pdmlink:12.0.2.0:-::::::
	cpe:2.3:a:ptc:windchill_pdmlink:12.1.2.0:-::::::
	cpe:2.3:a:ptc:windchill_pdmlink:13.0.2.0:-::::::
	cpe:2.3:a:ptc:windchill_pdmlink:13.1.0.0:::::::*
	cpe:2.3:a:ptc:windchill_pdmlink:13.1.1.0:-::::::
	cpe:2.3:a:ptc:windchill_pdmlink:13.1.2.0:::::::*
	cpe:2.3:a:ptc:windchill_pdmlink:13.1.3.0:::::::*

History

26 Jun 2026, 14:35

Type	Values Removed	Values Added
First Time		Ptc Ptc flexplm Ptc windchill Pdmlink
CPE		cpe:2.3:a:ptc:flexplm:11.1m020:::::::* cpe:2.3:a:ptc:windchill_pdmlink:13.1.1.0:-:::::: cpe:2.3:a:ptc:windchill_pdmlink:::::::: cpe:2.3:a:ptc:flexplm:12.0.0.0:::::::* cpe:2.3:a:ptc:windchill_pdmlink:13.0.2.0:-:::::: cpe:2.3:a:ptc:windchill_pdmlink:13.1.2.0:::::::* cpe:2.3:a:ptc:flexplm:13.0.3.0:::::::* cpe:2.3:a:ptc:windchill_pdmlink:13.1.0.0:::::::* cpe:2.3:a:ptc:flexplm:12.0.2.0:::::::* cpe:2.3:a:ptc:windchill_pdmlink:11.2.1.0:-:::::: cpe:2.3:a:ptc:windchill_pdmlink:12.0.2.0:-:::::: cpe:2.3:a:ptc:windchill_pdmlink:11.1m020:-:::::: cpe:2.3:a:ptc:flexplm:13.0.2.0:::::::* cpe:2.3:a:ptc:flexplm:12.1.3.0:::::::* cpe:2.3:a:ptc:windchill_pdmlink:13.1.3.0:::::::* cpe:2.3:a:ptc:flexplm:::::::: cpe:2.3:a:ptc:flexplm:11.2.1.0:::::::* cpe:2.3:a:ptc:windchill_pdmlink:11.0m030:-:::::: cpe:2.3:a:ptc:windchill_pdmlink:12.1.2.0:-::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
References	~~() https://www.ptc.com/en/support/article/CS473270 -~~	() https://www.ptc.com/en/support/article/CS473270 - Permissions Required
References	~~() https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-12569 -~~	() https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-12569 - US Government Resource

25 Jun 2026, 20:17

Type	Values Removed	Values Added
References		() https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-12569 -

18 Jun 2026, 14:17

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-06-18 01:18

Updated : 2026-06-26 14:35

NVD link : CVE-2026-12569

Mitre link : CVE-2026-12569

CVE.ORG link : CVE-2026-12569

JSON object : View

Products Affected

ptc

windchill_pdmlink
flexplm

CWE

CWE-20

Improper Input Validation

CWE-502

Deserialization of Untrusted Data

9.8 /10