A vulnerability in PTC Windchill, tracked as CVE-2026-12569, has been exploited in real-world attacks. It allows remote, unauthenticated attackers to execute arbitrary code through crafted requests. CISA has added the issue to its Known Exploited Vulnerabilities catalog and instructed federal agencies to remediate it by June 28. PTC has been distributing patches since June 17, after discovering attacks that deployed JSP webshells for remote command execution.
Windchill is widely used in critical sectors such as automotive and aerospace, which heightens the threat to supply chains and operational technology. Authorities previously warned of exploitation risks associated with another PTC vulnerability, CVE-2026-4681, though no attacks were reported at that time.