CISA and BSI Warn of Critical Vulnerability in PTC’s Windchill and FlexPLM Software

CISA and BSI issued warnings about a critical vulnerability (CVE-2026-4681) in PTC’s Windchill and FlexPLM software, assigned the highest CVSS score of 10.0. The flaw remains unpatched, with no confirmed active exploitation reported at this time. The advisory highlights the potential for imminent attacks due to the severity of the issue. No specific attack vectors, affected versions, or mitigation steps were disclosed in the notice. The vulnerability impacts organizations using PTC’s product lifecycle management (PLM) solutions. No timeline for patch availability was provided.