Summary
PTC reports a critical RCE vulnerability (CVE-2026-4681) in Windchill and FlexPLM software, leading to emergency warnings from German police due to an imminent threat of exploitation.
Take Action:
If you're running PTC Windchill or FlexPLM, make sure these systems are isolated from the internet and accessible from trusted networks only. This one is a perfect 10.0 severity with no patch yet, so apply the recommended rewrite rules to block the WindchillGW and WindchillAuthGW servlet paths immediately. Also check your servers for signs of compromise like GW.class, payload.bin, or dpr_*.jsp files, and if you can't apply the workarounds, shut down the affected services until PTC releases an official patch.
Read the full article on BeyondMachines
This article was originally published on BeyondMachines
Top comments (0)