
Critical Unauthenticated RCE in PTC Windchill CVE-2026-12569

CVE-2026-12569 is a critical unauthenticated remote code execution (RCE) vulnerability in the PDMLink component of PTC Windchill and FlexPLM. The flaw originates from unsafe deserialization, allowing remote attackers to execute arbitrary code without authentication. Adversaries are actively exploiting this vector to deploy web shells for persistent access and cyber espionage, specifically targeting high-value intellectual property in the defense, aerospace, and automotive sectors. CISA has added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, emphasizing the immediate need for patching across affected versions (11.0 through 13.1.1) to prevent systemic data exfiltration.

