CRITICALCVE-2026-4681Published Modified CNA PTC
CVE-2026-4681: Critical Remote Code Execution vulnerability reported in Windchill
A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill and PTC FlexPLM. The vulnerability may be exploited through the deserialization of untrusted data. This issue affects Windchill PDMLink: 11.0 M030, 11.1 M020, 11.2.1.0, 12.0.2.0, 12.1.2.0, 13.0.2.0, 13.1.0.0, 13.1.1.0, 13.1.2.0, 13.1.3.0; FlexPLM: 11.0 M030, 11.1 M020, 11.2.1.0, 12.0.0.0, 12.0.2.0, 12.0.3.0, 12.1.2.0, 12.1.3.0, 13.0.2.0, 13.0.3.0.
Metrics
- CVSS v4.0
- 9.3
- Severity
- CRITICAL
- Fixed in
- —
- Affected Products
- 2
Affected packages
- PTC / Windchill PDMLink11.0 M030 · 11.1 M020 · 11.2.1.0 · 12.0.2.0 · 12.1.2.0 · 13.0.2.0
- PTC / FlexPLM11.0 M030 · 11.1 M020 · 11.2.1.0 · 12.0.0.0 · 12.0.2.0 · 12.0.3.0
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/AU:Y/R:U/V:C/RE:M/U:RedReferences