CVE Tools
Back to feed
Help Net Security ·EN-US News source

JSP webshells being dropped on unpatched PTC Windchill instances

By Zeljka Zorz··2 min read
CVE Tools coverage

CISA added CVE-2026-12569 to its Known Exploited Vulnerabilities catalog, warning that PTC Windchill and FlexPLM are being targeted in the wild. PTC reports that attackers can exploit the improper input validation flaw (unauthenticated remote code execution) and has observed indicators consistent with JSP webshells being deployed on vulnerable systems.
Organizations using affected PTC product lifecycle management deployments should apply the relevant patches and check their environments for indicators of compromise.