Skip to main content

Autodesk Revit CVE-2026-1288

MEDIUM
NULL Pointer Dereference (CWE-476)
2026-06-17 autodesk
5.5
CVSS 3.1 · Vendor: autodesk
Share

Severity by source

Vendor (autodesk) PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
vuln.today AI
5.5 MEDIUM

Local file-based trigger (AV:L), user must initiate conversion (UI:R), no privileges needed, crash-only impact with no C or I.

3.1 AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.0 AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (autodesk).

CVSS VectorVendor: autodesk

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
Analysis Generated
Jun 17, 2026 - 16:57 vuln.today

DescriptionCVE.org

A maliciously crafted RFA file, when converted to FormIt via “Convert RFA to FormIt” in Autodesk Revit, can force a NULL Pointer Dereference vulnerability. Successful exploitation may cause the application to crash, leading to a denial-of-service condition.

AnalysisAI

NULL pointer dereference in Autodesk Revit's 'Convert RFA to FormIt' feature causes the application to crash when processing a specially crafted RFA file, resulting in a denial-of-service condition. All tracked versions of Autodesk Revit are affected per CPE data, with the attack requiring local file access and deliberate user interaction to trigger the vulnerable conversion workflow. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Deliver crafted RFA file to target user
Delivery
User opens file in Autodesk Revit
Exploit
User triggers 'Convert RFA to FormIt' conversion
Execution
NULL pointer dereference fires in conversion parser
Impact
Revit process crashes (DoS)

Vulnerability AssessmentAI

Exploitation Exploitation requires the target to have Autodesk Revit installed and to actively trigger the 'Convert RFA to FormIt' feature on a malicious RFA file - this specific conversion workflow is the vulnerable code path, not general RFA file opening. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 base score of 5.5 (AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) accurately reflects a moderate-severity, locally exploited denial-of-service issue. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker crafts a malformed RFA file designed to trigger a null pointer condition during FormIt conversion and delivers it to a Revit user via email, a shared project folder, or a collaboration platform under the guise of a standard Revit family asset. The victim opens the file in Autodesk Revit and invokes 'Convert RFA to FormIt,' causing the application to dereference a null pointer and crash immediately. …
Remediation Apply the vendor-released patch for Autodesk Revit through the Autodesk Access client available at https://www.autodesk.com/products/autodesk-access/overview. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

More in Revit

View all
CVE-2025-1274 HIGH
7.8 Apr 15

A maliciously crafted RCS file, when parsed through Autodesk Revit, can force an Out-of-Bounds Write vulnerability. Rate

CVE-2025-1275 HIGH
7.8 Apr 15

A maliciously crafted JPG file, when linked or imported into certain Autodesk applications, can force a Heap-Based Overf

CVE-2025-2497 HIGH
7.8 Apr 15

A maliciously crafted DWG file, when parsed through Autodesk Revit, can cause a Stack-Based Buffer Overflow vulnerabilit

CVE-2025-1656 HIGH
7.8 Apr 15

A maliciously crafted PDF file, when linked or imported into Autodesk applications, can force a Heap-Based Overflow vuln

CVE-2025-1277 HIGH
7.8 Apr 15

A maliciously crafted PDF file, when parsed through Autodesk applications, can force a Memory Corruption vulnerability.

CVE-2025-1273 HIGH
7.8 Apr 15

A maliciously crafted PDF file, when linked or imported into Autodesk applications, can force a Heap-Based Overflow vuln

CVE-2025-5036 HIGH
7.8 Jun 02

Use-After-Free vulnerability (CWE-416) in Autodesk Revit triggered by maliciously crafted RFA (Revit Family) files that

CVE-2025-1276 HIGH
7.8 Apr 15

A maliciously crafted DWG file, when parsed through certain Autodesk applications, can force an Out-of-Bounds Write vuln

CVE-2025-5037 HIGH
7.8 Jul 10

CVE-2025-5037 is a memory corruption vulnerability in Autodesk Revit triggered by parsing maliciously crafted RFA, RTE,

CVE-2025-5040 HIGH
7.8 Jul 10

CVE-2025-5040 is a heap-based buffer overflow vulnerability in Autodesk Revit's RTE file parser that allows local attack

CVE-2024-11608 HIGH
7.8 Dec 09

A maliciously crafted SKP file, when linked or imported into Autodesk Revit, can be used to cause a Heap-based Overflow.

CVE-2024-11454 HIGH
7.8 Dec 09

A maliciously crafted DLL file, when placed in the same directory as an RVT file could be loaded by Autodesk Revit, and

Share

CVE-2026-1288 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy