ZDI-CAN-28447 HIGH 7.8 Overdue Dec 04, 2025

Ashlar-Vellum

Ashlar-Vellum is a software company known for 2D and 3D design and drafting tools used in architecture and engineering. This high-severity vulnerability (CVSS 7.8) requires local access to a user's machine and user interaction to exploit, but once triggered it has a high impact on the confidentiality, integrity, and availability of the affected system. Security teams should monitor for suspicious file access attempts and user interactions with Ashlar-Vellum products, and ensure patches are applied once the vendor releases a fix by the April 2026 deadline.

Advisory Details
Researcher Discovered by: Rocco Calvi (@TecR0c) with TecSecurity
Reported December 04, 2025
Deadline April 03, 2026 14d overdue
CVSS Vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
