PTC Inc. disclosed a critical deserialization vulnerability (CVE-2026-4681) in Windchill and FlexPLM that could allow remote code execution. German authorities have issued emergency warnings while PTC develops patches and provides mitigations, IoCs, and detection guidance.
Key points
- CVE-2026-4681 is a deserialization flaw that can be exploited for remote code execution.
- Most supported Windchill and FlexPLM versions, including all CPS releases, are affected.
- PTC is actively developing patches; until then administrators should apply the vendor's Apache/IIS rule or isolate affected instances.
- PTC published IoCs and detection advice, including files like GW.class and dpr_.jsp and suspicious User-Agent patterns.
- Germany's BKA issued urgent alerts to organizations, highlighting an imminent threat and national-security concerns for PLM systems.