A critical vulnerability in PTC Windchill and FlexPLM product lifecycle management software is being exploited by hackers, posing a significant threat to organizations in various industries, including defense, aerospace, and automotive. The flaw, identified as CVE-2026-12569, is an unsafe deserialization issue that allows remote code execution, with a severity rating of 9.3 on the CVSS scale. It is located in the web-based Windchill PDMLink component, so an attacker can execute malicious code remotely, potentially leading to severe consequences. Exploitation of this flaw expands the active attack surface, making it essential for organizations to prioritize their response based on exposure and evidence of exploitation. The vulnerability matters to practitioners because it highlights the need for prompt patching and vigilance in securing product lifecycle management systems to prevent potential breaches and attacks.