Severity by source
AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
A cross-site scripting (XSS) vulnerability in SketchUp 2026's Dynamic Components feature allows remote code execution and local file exfiltration through maliciously crafted SKP files. The vulnerability stems from improper input sanitization in the component options window, enabling attackers to execute arbitrary system commands and read local files without user interaction by exploiting an embedded Internet Explorer 11 browser.
Analysis
A cross-site scripting (XSS) vulnerability in SketchUp 2026's Dynamic Components feature allows remote code execution and local file exfiltration through maliciously crafted SKP files. The vulnerability stems from improper input sanitization in the component options window, enabling attackers to execute arbitrary system commands and read local files without user interaction by exploiting an embedded Internet Explorer 11 browser.
Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689) allows remote attackers to execute arbitrary code vi
Timbre SketchUp (formerly Google SketchUp) before 8 Maintenance 2 allows remote attackers to execute arbitrary code via
Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 8 Maintenance 3, a
Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689),
Google SketchUp before 8.0.14346 (aka 8 Maintenance 3) allows user-assisted remote attackers to execute arbitrary code o
Multiple use-after-free vulnerabilities in SAP 3D Visual Enterprise Viewer allow remote attackers to execute arbitrary c
Trimble SketchUp SKP File Parsing Uninitialized Variable Remote Code Execution Vulnerability. Rated high severity (CVSS
Trimble SketchUp SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), th
Trimble SketchUp SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (
Trimble SketchUp Viewer SKP File Parsing Memory Corruption Remote Code Execution Vulnerability. Rated high severity (CVS
Trimble SketchUp Viewer SKP File Parsing Memory Corruption Remote Code Execution Vulnerability. Rated high severity (CVS
Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. Rated high severity (CVSS 7
Same weakness CWE-94 – Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-31386
GHSA-gfqf-9c7q-2qmr