RCE in Ptc Flexplm

CVE-2026-4681

A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill and PTC FlexPLM. The vulnerability may be exploited through the deserialization of untrusted data. This issue affects Windchill PDMLink: 11.0 M030, 11…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.004 (60.1th percentile) — read the EPSS interpretation.

Affected products

Ptc Flexplm — versions 11.0 M030, 11.1 M020, 11.2.1.0
Ptc Windchill Pdmlink — versions 11.0 M030, 11.1 M020, 11.2.1.0

Weakness classification (CWE)

CWE-94 — Code Injection

References

www.ptc.com/en/about/trust-center/advisory-center/active-advisories/windchill-f… (vendor-advisory, mitigation)