PTC Inc. is warning of a critical vulnerability in Windchill and FlexPLM, widely used product lifecycle management (PLM) solutions, that could allow remote code execution.

The security issue, identified as CVE-2026–4681, could be leveraged through the deserialization of trusted data.

Its severity has prompted emergency action from German authorities, with the federal police (BKA) reportedly sending agents to affected companies to alert them to the cybersecurity risk.