German Police Urge Immediate Patch for Critical PTC Windchill Vulnerability (CVE‑2026‑4681)
What Happened – German federal police dispatched officers to corporate IT administrators’ homes in the early‑morning hours of 25 Mar 2026, delivering a physical advisory to force rapid remediation of a CVSS 10 remote‑code‑execution flaw (CVE‑2026‑4681) in PTC’s Windchill and FlexPLM platforms.
Why It Matters for TPRM –
- The vulnerability enables unauthenticated code execution, data exfiltration, and ransomware deployment on critical product‑lifecycle‑management systems.
- Police‑level escalation signals a high likelihood of active exploitation by criminal groups targeting manufacturers and retailers.
Who Is Affected – Manufacturing firms, brands, and retailers that run PTC Windchill or FlexPLM; broader supply‑chain partners that rely on these PLM systems.
Recommended Actions –
- Verify whether any of your third‑party vendors use PTC Windchill/FlexPLM.
- Apply the Apache/IIS workarounds immediately; if not feasible, isolate the affected servers from the Internet.
- Engage PTC’s 24×7 support, confirm that none of the published indicators of compromise are present on your systems, and update incident‑response playbooks accordingly.
Technical Notes – The flaw is a deserialization vulnerability that allows remote code execution via crafted objects. It carries a CVSS v4 base score of 9.3 and a CVSS v3.1 base score of 10. There is no confirmed exploitation yet, but indicators of compromise have been published. Source: DataBreachToday