CISOOnline

Hackers exploit critical PTC Windchill PLM software flaw

Hackers are exploiting a critical vulnerability recently patched in PTC Windchill and FlexPLM, two product lifecycle management solutions used by organizations across a range of industries, including defense, aerospace, automotive, medical, electronics, industrial machinery, and consumer goods.

The vulnerability, tracked as CVE-2026-12569, is an unsafe deserialization flaw that enables remote code execution. It is located in the web-based Windchill PDMLink product data management component and has a CVSS severity score of 9.3.

Product lifecycle management software is vital to organizations that manufacture products, as it allows them to track a product from design to retirement and stores CAD designs, bills of materials, workflows, engineering data, and more.


