PTC Windchill/FlexPLM RCE via Deserialization (v11.x-13.x)
CVE-2026-4681 Published on March 23, 2026
Critical Remote Code Execution vulnerability reported in Windchill
A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill and PTC FlexPLM. The vulnerability may be exploited through the deserialization of untrusted data.
This issue affects Windchill PDMLink: 11.0 M030, 11.1 M020, 11.2.1.0, 12.0.2.0, 12.1.2.0, 13.0.2.0, 13.1.0.0, 13.1.1.0, 13.1.2.0, 13.1.3.0; FlexPLM: 11.0 M030, 11.1 M020, 11.2.1.0, 12.0.0.0, 12.0.2.0, 12.0.3.0, 12.1.2.0, 12.1.3.0, 13.0.2.0, 13.0.3.0.
Weakness Type
What is a Code Injection Vulnerability?
The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
CVE-2026-4681 has been classified as a Code Injection vulnerability or weakness.
Affected Versions
PTC Windchill PDMLink:
- Version 11.0 M030 is affected.
- Version 11.1 M020 is affected.
- Version 11.2.1.0 is affected.
- Version 12.0.2.0 is affected.
- Version 12.1.2.0 is affected.
- Version 13.0.2.0 is affected.
- Version 13.1.0.0 is affected.
- Version 13.1.1.0 is affected.
- Version 13.1.2.0 is affected.
- Version 13.1.3.0 is affected.
PTC FlexPLM:
- Version 11.0 M030 is affected.
- Version 11.1 M020 is affected.
- Version 11.2.1.0 is affected.
- Version 12.0.0.0 is affected.
- Version 12.0.2.0 is affected.
- Version 12.0.3.0 is affected.
- Version 12.1.2.0 is affected.
- Version 12.1.3.0 is affected.
- Version 13.0.2.0 is affected.
- Version 13.0.3.0 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.