PTC Windchill/FlexPLM CVE-2026-12569 — unauth Java deserialization RCE (CVSS 10.0), actively exploited
cve · CVE-2026-12569
Coverage timeline
1
first 2026-06-20 → last 2026-06-20
Briefs
1
1 distinct
Sources cited
7
6 hosts
Sections touched
1
deep_dive
Co-occurring entities
0
no co-occurrence
Story timeline
- 2026-06-20CTI Daily Brief — 2026-06-20
Where this entity is cited
- deep_dive1
Source distribution
- attack.mitre.org2 (29%)
- advisory.splunk.com1 (14%)
- cisa.gov1 (14%)
- heise.de1 (14%)
- ptc.com1 (14%)
- security-hub.ncsc.admin.ch1 (14%)
External references
All cited sources (7)
- heise.deprimaryinlineHeise Security, 2026-06-19https://www.heise.de/en/news/PTC-Windchill-BSI-calls-admins-at-night-due-to-critical-security-vulnerability-11338329.html
- advisory.splunk.cominlineSplunk PSIRT SVD-2026-0603https://advisory.splunk.com/advisories/SVD-2026-0603
- attack.mitre.orginlineT1190 Exploit Public-Facing Applicationhttps://attack.mitre.org/techniques/T1190/
- attack.mitre.orginlineT1505.003 Server Software Component: Web Shellhttps://attack.mitre.org/techniques/T1505/003/
- cisa.govinlineCISA FortiGate hardening alerthttps://www.cisa.gov/news-events/alerts/2026/06/18/cisa-urges-hardening-fortinet-devices-after-reports-credential-exposure
- ptc.cominlinePTC PSIRT advisoryhttps://www.ptc.com/en/about/trust-center/advisory-center/active-advisories/windchill-flexplm-rce-vulnerability
- security-hub.ncsc.admin.chinlineNCSC-CH, 2026-06-19https://security-hub.ncsc.admin.ch/#/posts/12713
Items in briefs about PTC Windchill/FlexPLM CVE-2026-12569 — unauth Java deserialization RCE (CVSS 10.0), actively exploited
No parsed item heading or body matches this entity yet. Items match by exact CVE id (for CVE entities), by lead-segment substring of the title in the item heading or body, or by a distinctive anchor token from the title appearing in the item heading. Coverage that lives inside a broader section (no per-item heading) is captured by the Story timeline above.