CVE-2026-4681 - Vulnerability Details

- Critical Remote Code Execution vulnerability reported in Windchill

Description

A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill and PTC FlexPLM. The vulnerability may be exploited through the deserialization of untrusted data.

This issue affects Windchill PDMLink: 11.0 M030, 11.1 M020, 11.2.1.0, 12.0.2.0, 12.1.2.0, 13.0.2.0, 13.1.0.0, 13.1.1.0, 13.1.2.0, 13.1.3.0; FlexPLM: 11.0 M030, 11.1 M020, 11.2.1.0, 12.0.0.0, 12.0.2.0, 12.0.3.0, 12.1.2.0, 12.1.3.0, 13.0.2.0, 13.0.3.0.

Published: 2026-03-23

Score: 9.3 Critical

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A remote code execution vulnerability arises from the deserialization of untrusted data in PTC Windchill and FlexPLM. The flaw is classified as CWE‑94 and can enable an attacker to run arbitrary code with the privileges of the application, leading to a full compromise of confidentiality, integrity, and availability of the affected systems. The high CVSS score of 9.3 reflects the severity of this issue.

Affected Systems

The vulnerability affects PTC Windchill PDMLink versions 11.0 M030, 11.1 M020, 11.2.1.0, 12.0.2.0, 12.1.2.0, 13.0.2.0, 13.1.0.0, 13.1.1.0, 13.1.2.0, and 13.1.3.0, as well as PTC FlexPLM versions 11.0 M030, 11.1 M020, 11.2.1.0, 12.0.0.0, 12.0.2.0, 12.0.3.0, 12.1.2.0, 12.1.3.0, 13.0.2.0, and 13.0.3.0.

Risk and Exploitability

The CVSS base score of 9.3 indicates a critical risk level. EPSS data are not available, and the vulnerability is not listed in the CISA KEV catalog, but the nature of the flaw—remote deserialization—suggests that an attacker who can send crafted data to the affected applications may trigger arbitrary code execution. Exploitation requires remote access but does not rely on local privileges, making it potentially reachable from external network traffic.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

PTC

Windchill PDMLink

unknown

Version	Status	Constraints
`11.0 M030`	affected	—
`11.1 M020`	affected	—
`11.2.1.0`	affected	—
`12.0.2.0`	affected	—
`12.1.2.0`	affected	—
`13.0.2.0`	affected	—
`13.1.0.0`	affected	—
`13.1.1.0`	affected	—
`13.1.2.0`	affected	—
`13.1.3.0`	affected	—

PTC

FlexPLM

unknown

Version	Status	Constraints
`11.0 M030`	affected	—
`11.1 M020`	affected	—
`11.2.1.0`	affected	—
`12.0.0.0`	affected	—
`12.0.2.0`	affected	—
`12.0.3.0`	affected	—
`12.1.2.0`	affected	—
`12.1.3.0`	affected	—
`13.0.2.0`	affected	—
`13.0.3.0`	affected	—

No data.

Vendor Product Confidence Versions

Ptc

Flexplm

100%

Version	Status	Scheme	Platform
`11.0 M030`	affected	generic	—
`11.1 M020`	affected	generic	—
`11.2.1.0`	affected	generic	—
`12.0.0.0`	affected	generic	—
`12.0.2.0`	affected	generic	—
`12.0.3.0`	affected	generic	—
`12.1.2.0`	affected	generic	—
`12.1.3.0`	affected	generic	—
`13.0.2.0`	affected	generic	—
`13.0.3.0`	affected	generic	—

Ptc

Windchill Pdmlink

100%

Version	Status	Scheme	Platform
`11.0 M030`	affected	generic	—
`11.1 M020`	affected	generic	—
`11.2.1.0`	affected	generic	—
`12.0.2.0`	affected	generic	—
`12.1.2.0`	affected	generic	—
`13.0.2.0`	affected	generic	—
`13.1.0.0`	affected	generic	—
`13.1.1.0`	affected	generic	—
`13.1.2.0`	affected	generic	—
`13.1.3.0`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the vendor‑released patch or upgrade PTC Windchill and FlexPLM to a fixed version that resolves the unsafe deserialization flaw.
If a formal patch is not yet available, isolate the affected systems from external network access and monitor for anomalous traffic or attempts to exploit deserialization.
Verify that the application does not accept serialized objects from unauthenticated sources and enforce strict validation of deserialized data.

Generated by OpenCVE AI on March 24, 2026 at 03:56 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact Low

Subsequent System Availability Impact Low

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00497.

Exploitation none

Automatable yes

Technical Impact total

References

Link	Providers
https://www.ptc.com/en/about/trust-center/advisory-center/active-advisories/windchill-flexplm-critical-vulnerability?srsltid=AfmBOop3e7Nthx5-BsrjKdpZi50wL6l6Bt21Fz0gUub2cIPgdPGV5bNl

History

Tue, 24 Mar 2026 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 24 Mar 2026 10:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Ptc Ptc flexplm Ptc windchill Pdmlink
Vendors & Products		Ptc Ptc flexplm Ptc windchill Pdmlink

Tue, 24 Mar 2026 02:30:00 +0000

Type	Values Removed	Values Added
Description		A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill and PTC FlexPLM. The vulnerability may be exploited through the deserialization of untrusted data. This issue affects Windchill PDMLink: 11.0 M030, 11.1 M020, 11.2.1.0, 12.0.2.0, 12.1.2.0, 13.0.2.0, 13.1.0.0, 13.1.1.0, 13.1.2.0, 13.1.3.0; FlexPLM: 11.0 M030, 11.1 M020, 11.2.1.0, 12.0.0.0, 12.0.2.0, 12.0.3.0, 12.1.2.0, 12.1.3.0, 13.0.2.0, 13.0.3.0.
Title		Critical Remote Code Execution vulnerability reported in Windchill
Weaknesses		CWE-94
References		https://www.ptc.com/en/about/trust-center/advisory-center/active-advisories/windchill-flexplm-critical-vulnerability?srsltid=AfmBOop3e7Nthx5-BsrjKdpZi50wL6l6Bt21Fz0gUub2cIPgdPGV5bNl
Metrics		cvssV4_0 `{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/AU:Y/R:U/V:C/RE:M/U:Red'}`

Subscriptions

Ptc Flexplm Windchill Pdmlink

MITRE

Status: PUBLISHED

Assigner: PTC

Published: 2026-03-23T21:48:05.652Z

Updated: 2026-03-24T14:49:43.425Z

Reserved: 2026-03-23T21:42:24.158Z

Link: CVE-2026-4681

Vulnrichment

Updated: 2026-03-24T14:49:30.805Z

NVD

Status : Awaiting Analysis

Published: 2026-03-23T22:16:31.890

Modified: 2026-03-24T15:53:48.067

Link: CVE-2026-4681

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-25T20:36:17Z

Weaknesses

CWE-94

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact Low

Subsequent System Availability Impact Low

Exploitation none

Automatable yes

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object