CVE-2026-12569
KEV
🔴 Łataj teraz
Wykonanie zdalnego kodu w PTC Windchill PDMlink i FlexPLM przez deserializację danych.
CVSS
9.8
EPSS
1.1%
Exploit
weaponized
Vendor
ptc
Opis źródłowy (NVD)
A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill PDMlink and PTC FlexPLM. The vulnerability may be exploited through the deserialization of untrusted data. * This advisory also applies to all CPS versions * The identified vulnerability also impacts Windchill and FlexPLM releases prior to 11.0 M030
deserialization rce
Brak patcha
Źródła i daty
| Źródło | Wartość |
|---|---|
| NVD – CVSS | 9.8 |
| CISA KEV (aktywnie wykorzystywane) | Tak |
| FIRST EPSS (prawdopodobieństwo exploita) | 1.1% |
| Opublikowano (NVD) | 2026-06-18 01:18:12 UTC |
| Ostatnia modyfikacja (NVD) | 2026-06-26 14:35:41 UTC |
Referencje
- https://www.ptc.com/en/support/article/CS473270 (0b655efc-079c-4cb9-9e8d-164871239f4e) [Permissions Required]
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-12569 (134c704f-9b21-4f2e-91b3-4a467353bcc0) [US Government Resource]