CVE-2026-4681 is a critical remote code execution vulnerability affecting PTC Windchill PDMLink and PTC FlexPLM. The CISA CSAF advisory states the issue may be exploited through deserialization of untrusted data and assigns a CVSS v3.1 score of 10.0. CISA’s record republishes PTC’s CS466318 and notes workaround guidance is available while PTC develops a fix. Publicly accessible Windchill systems are calle [truncated]
PTC Kepware ThingWorx Kepware Server is affected by a denial-of-service vulnerability in the ControlLogix protocol online tag generation feature. When this feature is enabled, a machine-in-the-middle attacker or a misconfigured device can send a crafted response that triggers unrestricted resource allocation, crashing the Kepware application. The vulnerability is rated 5.3 (Medium) under CVSS 3.1 with an attack [truncated]
PTC Creo Elements/Direct License Server contains a critical unauthenticated remote code execution vulnerability. The license server's web interface allows unauthenticated remote attackers to execute arbitrary operating system commands on the server, resulting in complete system compromise. This vulnerability affects multiple products in the Creo Elements/Direct product family that rely on the affected lic [truncated]
PTC Codebeamer contains a cross-site scripting (XSS) vulnerability that could allow an attacker to inject and execute malicious code. The vulnerability was disclosed by CISA on May 7, 2024, with a CVSS 3.1 score of 7.1 (HIGH). Affected versions include Codebeamer 22.10 SP9 and earlier, 2.0.0.3 and earlier, and version 2.1.0.0. PTC has released patches addressing this issue.