CVE Tools
Back to feed
The Hacker News ·EN News source

CISA Adds Exploited PTC Windchill RCE Flaw to KEV as Web Shell Attacks Continue

By The Hacker News··2 min read
CVE Tools coverage

CISA has added a actively exploited remote code execution flaw to its Known Exploited Vulnerabilities (KEV) catalog, affecting PTC Windchill PDMlink and PTC FlexPLM. The issue is tracked as CVE-2026-12569 (CVSS 9.3), where improper input validation can enable arbitrary code execution. PTC reports that attackers are continuing to use the vulnerability to install JSP web shells on vulnerable systems, underscoring the risk of rapid weaponization after patch releases.