Skip to main content

Solid Edge SE2026 CVE-2026-44412

| EUVDEUVD-2026-29436 HIGH
Stack-based Buffer Overflow (CWE-121)
2026-05-12 siemens GHSA-38hh-m295-69vh
7.3
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
7.3 HIGH
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
High
Privileges Required
None
User Interaction
P
Scope
X

Lifecycle Timeline

5
Analysis Updated
May 12, 2026 - 10:30 vuln.today
v2 (cvss_changed)
Re-analysis Queued
May 12, 2026 - 10:22 vuln.today
cvss_changed
CVSS changed
May 12, 2026 - 10:22 NVD
7.8 (HIGH) 7.3 (HIGH)
Analysis Generated
May 12, 2026 - 10:04 vuln.today
CVE Published
May 12, 2026 - 08:21 nvd
HIGH 7.8

DescriptionCVE.org

A vulnerability has been identified in Solid Edge SE2026 (All versions < V226.0 Update 5). The affected applications contain a stack based overflow vulnerability while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

AnalysisAI

Stack-based buffer overflow in Siemens Solid Edge SE2026 allows arbitrary code execution when users open malicious PAR files. Attackers must deliver a weaponized PAR file and convince the user to open it, after which code executes with user's privileges. All versions prior to V226.0 Update 5 are vulnerable. No active exploitation confirmed (not in CISA KEV), but the attack relies on user interaction with a common CAD file format, making social engineering feasible in engineering/manufacturing environments.

Technical ContextAI

Solid Edge is Siemens' CAD software for mechanical design and simulation, widely used in manufacturing and engineering sectors. The vulnerability (CWE-121) is a classic stack-based buffer overflow occurring in the PAR file parser. PAR files are Parasolid geometry files, a standard format for exchanging 3D CAD data between applications. When Solid Edge processes a malformed PAR file with oversized or malicious data, the parser writes beyond allocated stack memory boundaries without proper bounds checking. This memory corruption can overwrite return addresses or function pointers on the stack, redirecting program execution to attacker-controlled code. The affected product per CPE is cpe:2.3:a:siemens:solid_edge_se2026, confirming the vulnerability is specific to the 2026 release family.

RemediationAI

Upgrade to Siemens Solid Edge SE2026 V226.0 Update 5 or later, which addresses the stack overflow in the PAR file parser. Download the patched version from Siemens Product Support or via the official update mechanism in Solid Edge. Vendor advisory confirming fix version at https://cert-portal.siemens.com/productcert/html/ssa-921111.html. If immediate patching is not feasible, implement compensating controls: restrict PAR file sources to trusted partners only via email filtering and download policies; open untrusted PAR files in sandboxed environments or on isolated systems without network access or sensitive data; deploy application whitelisting to prevent unauthorized code execution if exploitation occurs; and educate CAD users on risks of opening files from unknown sources. Note that blocking PAR files entirely may disrupt legitimate engineering workflows requiring Parasolid format exchange. Windows Defender Exploit Guard or similar exploit mitigation features (DEP, ASLR, CFG) may increase exploitation difficulty but should not replace patching.

Share

CVE-2026-44412 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy