The Hacker News ·EN News source
CISA Adds Exploited PTC Windchill RCE Flaw to KEV as Web Shell Attacks Continue
CVE Tools coverage
CISA has added a actively exploited remote code execution flaw to its Known Exploited Vulnerabilities (KEV) catalog, affecting PTC Windchill PDMlink and PTC FlexPLM. The issue is tracked as CVE-2026-12569 (CVSS 9.3), where improper input validation can enable arbitrary code execution. PTC reports that attackers are continuing to use the vulnerability to install JSP web shells on vulnerable systems, underscoring the risk of rapid weaponization after patch releases.