Skip to main content

Solidworks Desktop EUVDEUVD-2026-12419

| CVE-2026-3476 HIGH
Code Injection (CWE-94)
2026-03-16 3DS
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Mar 16, 2026 - 12:00 euvd
EUVD-2026-12419
Analysis Generated
Mar 16, 2026 - 12:00 vuln.today
CVE Published
Mar 16, 2026 - 11:48 nvd
HIGH 7.8

DescriptionCVE.org

A Code Injection vulnerability affecting in SOLIDWORKS Desktop from Release 2025 through Release 2026 could allow an attacker to execute arbitrary code on the user's machine while opening a specially crafted file.

AnalysisAI

A code injection vulnerability in SOLIDWORKS Desktop releases 2025 through 2026 allows attackers to execute arbitrary code on victim machines by tricking users into opening specially crafted files. The vulnerability requires local access and user interaction but provides complete system compromise with high impact to confidentiality, integrity, and availability (CVSS 7.8). No evidence of active exploitation or proof-of-concept code has been reported.

Technical ContextAI

The vulnerability affects Dassault Systèmes SOLIDWORKS Desktop software (CPE: cpe:2.3:a:dassault_systèmes:solidworks_desktop:*:*:*:*:*:*:*:*), a professional 3D CAD application widely used in engineering and manufacturing. The root cause is improper input validation leading to code injection (CWE-94), where the application fails to properly sanitize or validate data within specially crafted files before processing them. This allows malicious code embedded in the file to be interpreted and executed by the application with the privileges of the current user.

RemediationAI

Users should immediately check the 3DS security advisory at https://www.3ds.com/trust-center/security/security-advisories/CVE-2026-3476 for patch availability and upgrade instructions for SOLIDWORKS Desktop. Until patches are applied, implement compensating controls including restricting SOLIDWORKS file sources to trusted origins only, scanning files with updated antivirus before opening, and educating users about the risks of opening SOLIDWORKS files from untrusted sources or unexpected emails. Consider implementing application sandboxing or virtualization for high-risk users who must work with external files.

Share

EUVD-2026-12419 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy