
Critical Unauthenticated RCE in PTC Windchill CVE-2026-12569

CVE-2026-12569 is a critical unsafe deserialization vulnerability (CVSS 9.3) within the web-based Windchill PDMLink component of PTC Windchill and FlexPLM. Threat actors are actively weaponizing this flaw to achieve unauthenticated Remote Code Execution (RCE) via Java-based deserialization vectors. Successful exploitation enables the deployment of web shells to establish persistent access and facilitate data exfiltration. Given the role of Product Lifecycle Management (PLM) software in managing sensitive intellectual property—including CAD designs and Bills of Materials (BOM)—this vulnerability presents a high-risk vector for industrial espionage and manufacturing disruption across the defense, aerospace, and automotive sectors.

