CISA Adds Exploited PTC Windchill RCE Flaw to KEV as Web Shell Attacks Continue

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical remote code execution vulnerability impacting PTC Windchill PDMlink and PTC FlexPLM enterprise Product Data Management (PDM) and Product Lifecycle Management (PLM) software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability in question is

The article reports that CISA has added a critical remote code execution vulnerability in PTC Windchill PDMlink and FlexPLM (CVE-2026-12569 / CVE-2026-4681) to its Known Exploited Vulnerabilities catalog after evidence of active exploitation, allowing unauthenticated attackers to execute arbitrary code via deserialization of untrusted data.[1][3][5] This affects multiple supported and older versions of Windchill and FlexPLM and has been rated at the highest criticality levels, prompting PTC and third parties to urge immediate patching, network restriction, and potential internet disconnection for older releases.[1][2][3] From a CyberSE.AI perspective, any AI or analytics workflows, MLOps pipelines, or model-serving infrastructure that ingest or rely on PLM/PDM data from Windchill/FlexPLM inherit significant supply chain risk: a compromised PLM system can become a pivot point for lateral movement into AI infrastructure, tampering with training data, models, or SBOM baselines. Organizations should treat Windchill/FlexPLM as critical upstream dependencies, integrate them into AI SBOM and asset inventories, enforce strict network segmentation from AI workloads, and verify that model tr