A critical vulnerability, identified as CVE-2026-4681, has been discovered in PTC's Windchill and FlexPLM software, posing a significant threat to organizations that use these products. The flaw, which has a CVSS score of 10.0, is a Remote Code Execution (RCE) issue that could be exploited by attackers to gain unauthorized access to systems1. Currently, there are no patches available to fix the vulnerability, and while no active attacks have been confirmed, experts warn that exploitation could be imminent. As a result, organizations are advised to remain vigilant and apply mitigations to minimize their risk exposure. The Cybersecurity and Infrastructure Security Agency (CISA) and the German Federal Office for Information Security (BSI) have issued warnings about the vulnerability, emphasizing the need for prompt action. This vulnerability matters to practitioners because it has the potential to cause significant damage if exploited, making it essential to monitor the situation closely and apply patches as soon as they become available.
CISA and BSI warn orgs of critical PTC Windchill and FlexPLM flaw
⚠️ Critical Alert
Why This Matters
CVE-2026-4681 is in active discussion involving CISA — exploitation status determines whether this is patch-now or monitor.
References
- SecurityAffairs. (2026, March 27). CISA and BSI warn orgs of critical PTC Windchill and FlexPLM flaw. SecurityAffairs. https://securityaffairs.com/190049/security/cisa-and-bsi-warn-orgs-of-critical-ptc-windchill-and-flexplm-flaw.html
Original Source
SecurityAffairs
Read original →