securityweek.com·Mar 27, 2026
CISA has issued an advisory about a critical vulnerability in PTC's Windchill PLM software, CVE-2026-4681, which could allow remote code execution, prompting unprecedented police alerts to companies in Germany, though no patches are available yet.
The recent advisory by CISA about a critical deserialization vulnerability (CVE-2026-4681) in PTC’s Windchill and FlexPLM products underscores the urgency of implementing mitigation strategies before patches are available. For cybersecurity professionals, particularly those managing industrial environments, it's crucial to apply the provided mitigations and monitor for indicators of compromise to prevent potential exploitation, which has already prompted unprecedented physical alerts in Germany.