{"id":1465,"date":"2026-06-26T15:48:19","date_gmt":"2026-06-26T15:48:19","guid":{"rendered":"https:\/\/thedigitalfortress.us\/?p=1465"},"modified":"2026-06-26T15:48:19","modified_gmt":"2026-06-26T15:48:19","slug":"cisa-adds-exploited-ptc-windchill-rce-flaw-to-kev-as-web-shell-attacks-continue","status":"publish","type":"post","link":"https:\/\/thedigitalfortress.us\/?p=1465","title":{"rendered":"CISA Adds Exploited PTC Windchill RCE Flaw to KEV as Web Shell Attacks Continue"},"content":{"rendered":"
\n

\ue804<\/i>Ravie Lakshmanan<\/span>\ue802<\/i>Jun 26, 2026<\/span><\/span>Vulnerability \/ Software Security<\/span><\/p>\n<\/div>\n

\n
<\/a><\/div>\n

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added<\/a> a critical remote code execution vulnerability impacting PTC Windchill PDMlink and PTC FlexPLM enterprise Product Data Management (PDM) and Product Lifecycle Management (PLM) software to its Known Exploited Vulnerabilities (KEV<\/a>) catalog, citing evidence of active exploitation.<\/p>\n

The vulnerability in question is CVE-2026-12569<\/a><\/b> (CVSS score: 9.3), a case of improper input validation that could allow an attacker to execute arbitrary code by sending a malicious request to the network.\u00a0<\/p>\n

\u00abThe vulnerability is a remote code execution (RCE) issue that may be exploited through deserialization of untrusted data,\u00bb according to an advisory released by PTC.<\/p>\n

Although patches for the flaw were released last week, PTC has since confirmed, as of June 25, that \u00abwe’ve received continued reports of heightened threat activity,\u00bb with the company disclosing that unknown attackers are exploiting the vulnerability to deploy JSP web shells against susceptible systems.<\/p>\n

\n
\"Cybersecurity\"<\/a><\/div>\n<\/div>\n

PTC has also released<\/a> the following indicators of compromise (IoCs) associated with the activity –<\/p>\n