7.8
CVE-2026-3476
- EPSS 0.17%
- Veröffentlicht 16.03.2026 11:48:18
- Zuletzt bearbeitet 08.06.2026 14:36:25
- Quelle 3DS.Information-Security@3ds.c
- CVE-Watchlists
- Unerledigt
Code Injection vulnerability affecting SOLIDWORKS Desktop from Release 2025 through Release 2026
A Code Injection vulnerability affecting SOLIDWORKS Desktop from Release 2025 through Release 2026 could allow an attacker to execute arbitrary code on the user's machine while opening a specially crafted file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
3ds ≫ Solidworks Version >= 2025 < 2026
3ds ≫ Solidworks Version2026 Updatesp0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.17% | 0.065 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 3DS.Information-Security@3ds.com | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-94 Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
https://www.3ds.com/trust-center/security/security-advisories/cve-2026-3476