Article - CS466318
Critical RCE (CVSS 10.0) vulnerability reported in Windchill
Modified: 22-Mar-2026
Applies To
- Windchill PDMLink 11.0 M030
- Windchill PDMLink 11.1 M020
- Windchill PDMLink 11.2.1.0
- Windchill PDMLink 12.0.2.0
- Windchill PDMLink 13.0.2.0
- Windchill PDMLink 13.1.0.0
- Windchill PDMLink 13.1.1.0
- Windchill PDMLink 13.1.2.0
- Windchill PDMLink 13.1.3.0
- Windchill PDMLink 12.1.2.0
- FlexPLM 11.0 M030
- FlexPLM 11.1 M020
- FlexPLM 11.2.1.0
- FlexPLM 12.0.0.0
- FlexPLM 12.0.2.0
- FlexPLM 12.0.3.0
- FlexPLM 12.1.2.0
- FlexPLM 12.1.3.0
- FlexPLM 13.0.2.0
- FlexPLM 13.0.3.0
Description
- The vulnerability is a Remote Code Execution (RCE) issue that may be exploited through deserialization of untrusted data
- CWE - CWE-94: Improper Control of Generation of Code ('Code Injection') (4.19.1)
- CVSS v3.1 Base Score: 10.0 (Critical)
- At this time, there is no evidence of confirmed exploitation affecting PTC customers
This is a printer-friendly version of Article 466318 and may be out of date. For the latest version click CS466318