Is Simcenter Femap affected by CVE-2026-23716?

Simcenter Femap and Nastran users face a high-severity vulnerability (CVSS 7.8) in XDB file parsing that could allow attackers to crash applications or potentially execute code through maliciously crafted files.

CVE-2026-23716

Q: How to fix CVE-2026-23716?

Within 24 hours: Identify all systems running Simcenter Femap and Nastran versions prior to V2512 and restrict file-sharing access. Within 7 days: Implement file validation controls, disable XDB file import where operationally feasible, and establish user awareness of the risk. Within 30 days: Monitor vendor communications for patch release and develop a deployment plan; consider upgrading to V2512 or later once available.

HIGH

2026-02-10 [email protected]

7.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:02 vuln.today

CVE Published

Feb 10, 2026 - 10:15 nvd

HIGH 7.8

Description

A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while parsing specially crafted XDB files. This could allow an attacker to execute code in the context of the current process.

Analysis

Arbitrary code execution in Simcenter Femap and Nastran versions prior to 2512 results from an out-of-bounds read when processing malicious XDB files, enabling local attackers to achieve process-level code execution. An attacker with local access can craft a specially designed XDB file to trigger the memory vulnerability and execute arbitrary code with the privileges of the affected application. …

Remediation

Within 24 hours: Identify all systems running Simcenter Femap and Nastran versions prior to V2512 and restrict file-sharing access. Within 7 days: Implement file validation controls, disable XDB file import where operationally feasible, and establish user awareness of the risk. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +39

POC: 0

CVE-2026-23716 vulnerability details – vuln.today

Back

CVE-2026-23716

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-23716

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code