Skip to main content

Windchill Pdmlink CVE-2026-4681

| EUVD-2026-14606 CRITICAL
Code Injection (CWE-94)
2026-03-23 PTC GHSA-jfrx-fmg3-3p8m
RCE Deserialization Windchill Pdmlink Flexplm
9.3
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
9.3 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/AU:Y/R:U/V:C/RE:M/U:Red

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/AU:Y/R:U/V:C/RE:M/U:Red
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None

Lifecycle Timeline

5
Started Trending
Mar 31, 2026 - 11:23 vuln.today
8.0
PoC Detected
Mar 24, 2026 - 15:53 vuln.today
Public exploit code
EUVD ID Assigned
Mar 23, 2026 - 22:15 euvd
EUVD-2026-14606
Analysis Generated
Mar 23, 2026 - 22:15 vuln.today
CVE Published
Mar 23, 2026 - 21:48 nvd
CRITICAL 9.3

DescriptionCVE.org

A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill and PTC FlexPLM. The vulnerability may be exploited through the deserialization of untrusted data.

This issue affects Windchill PDMLink: 11.0 M030, 11.1 M020, 11.2.1.0, 12.0.2.0, 12.1.2.0, 13.0.2.0, 13.1.0.0, 13.1.1.0, 13.1.2.0, 13.1.3.0; FlexPLM: 11.0 M030, 11.1 M020, 11.2.1.0, 12.0.0.0, 12.0.2.0, 12.0.3.0, 12.1.2.0, 12.1.3.0, 13.0.2.0, 13.0.3.0.

Articles & Coverage 1

thecyberexpress.com Kali Forms WordPress Plugin RCE CVE-2026-1490: Active Exploitation After Public Disclosure Apr 14, 2026

AnalysisAI

A critical remote code execution vulnerability exists in PTC Windchill PDMLink and PTC FlexPLM products due to unsafe deserialization of untrusted data, allowing unauthenticated attackers to execute arbitrary code on affected systems. The vulnerability affects multiple versions of both products spanning from version 11.0 through 13.1.3.0 for Windchill and 11.0 through 13.0.3.0 for FlexPLM. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Send malicious serialized object to vulnerable endpoint
Exploit
Deserialize untrusted data in PTC Windchill/FlexPLM
Impact
Execute arbitrary code on server
Sign in to reveal

Vulnerability AssessmentAI

Exploitation Remote unauthenticated attacker sends crafted serialized Java objects to PTC Windchill PDMLink (11.0-13.1.3.0) or FlexPLM (11.0-13.0.3.0) deserialization endpoints. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment This vulnerability represents critical real-world risk despite the absence of a CVSS score and vector in the provided data. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with network access to a Windchill or FlexPLM web service (either directly or through the internet if exposed) crafts a malicious serialized Java object embedding a gadget chain that executes arbitrary shell commands. The attacker sends this payload through a deserialization-accepting endpoint, such as a document upload service, API call, or data synchronization mechanism. …
Remediation Organizations must immediately apply security patches provided by PTC for affected Windchill PDMLink and FlexPLM versions; specific patch versions and availability should be confirmed at PTC's advisory center (https://www.ptc.com/en/about/trust-center/advisory-center/active-advisories/windchill-flexplm-critical-vulnerability). … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

Within 24 hours: Identify all affected systems running PTC Windchill and PTC FlexPLM. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-4681 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy