Free practical cybersecurity guidance for organisations without a security team.
hello@actionsoncyber.com
← Back to Vulnerability Briefs

Critical Security Flaw Found in PTC Windchill and FlexPLM Software

A serious security weakness has been discovered in PTC Windchill and FlexPLM software that could allow attackers to run harmful code remotely. This vulnerability is actively being exploited, making it important for organisations using these products to act quickly.

26 June 2026

Reference: CVE-2026-12569

1. What is being reported?

Researchers have found a critical flaw in PTC’s Windchill and FlexPLM software that lets attackers execute malicious commands remotely by sending unsafe data to the system. This affects versions before 11.0 M030 and all CPS versions. The issue is known to be exploited in real attacks.

2. What this means in plain English

If your organisation uses these PTC products, attackers could take control of your system remotely, potentially leading to data loss, theft, or disruption of your business operations. This risk is serious and requires prompt attention.

3. Could this affect a small business?

Small businesses or charities using PTC Windchill or FlexPLM software, especially older versions, could be at risk. If you do not use these products, or use different software, this vulnerability does not affect you.

4. What to do now

  • Check if your organisation uses PTC Windchill or FlexPLM software and identify the version.
  • Contact your IT provider or software supplier to confirm if you are affected and ask for guidance on applying vendor-recommended mitigations or updates.
  • Apply all security updates or mitigations as soon as possible following vendor instructions.
  • If you use cloud services with these products, ensure your provider follows the latest security guidance or consider discontinuing use if no fixes are available.

5. Ask your IT provider

Can you confirm whether our PTC Windchill or FlexPLM software is affected by CVE-2026-12569, and what steps are being taken to apply the necessary security updates or mitigations?

6. Bottom line

If you use PTC Windchill or FlexPLM, act quickly to secure your systems against this actively exploited critical vulnerability.

Information based on CISA KEV, NVD and reputable security reporting.

Back to Vulnerability Briefs