7.8
CVE-2026-0659
- EPSS 0.21%
- Veröffentlicht 04.02.2026 16:01:27
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle psirt@autodesk.com
- CVE-Watchlists
- Unerledigt
USD File Parsing Out-of-Bounds Write Vulnerability
A maliciously crafted USD file, when loaded or imported into Autodesk Arnold or Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerAutodesk
≫
Produkt
USD for Arnold
Default Statusunaffected
Version
7.4.4.1
Version <
7.4.4.2
Status
affected
HerstellerAutodesk
≫
Produkt
Arnold
Default Statusunaffected
Version
7.4.4.1
Version <
7.4.4.2
Status
affected
HerstellerAutodesk
≫
Produkt
3ds Max
Default Statusunaffected
Version
2026.2
Version <
2026.3.2
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.21% | 0.111 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
https://www.autodesk.com/products/autodesk-access/overview
https://github.com/Autodesk/arnold-usd
https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0003