ZDI-CAN-28172 HIGH 7.8 Overdue Nov 11, 2025

Ashlar-Vellum

Ashlar-Vellum is a CAD and design software company known for products like Vellum and Cobalt used in architecture and engineering. This high-severity vulnerability (CVSS 7.8) requires local access and user interaction to exploit, but once triggered it delivers complete system compromise with high impact to confidentiality, integrity, and availability (C:H/I:H/A:H in the vector below); no authentication is needed beyond initial access. Security teams should monitor for suspicious file execution and user reports of unexpected behavior from Ashlar-Vellum applications, particularly before the March 2026 patch deadline.

Advisory Details
Researcher: Discovered by Rocco Calvi (@TecR0c) with TecSecurity
Reported: November 11, 2025
Deadline: March 11, 2026 (37d overdue)
CVSS Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
