ZDI-CAN-28587 HIGH 7.8 Overdue Dec 16, 2025

Ashlar-Vellum

Ashlar-Vellum is a software company known for architectural and design tools used by professionals in construction and engineering. This vulnerability is exploitable locally and requires user interaction but no authentication. An attacker with local access could execute malicious code that compromises the confidentiality, integrity, and availability of the affected system. Security teams should monitor for suspicious local file access attempts and ensure users avoid opening untrusted files in Ashlar-Vellum applications until a patch is released by the April 2026 deadline.

Advisory Details
Researcher: Discovered by Rocco Calvi (@TecR0c) with TecSecurity
Reported: December 16, 2025
Deadline: April 15, 2026 (2d overdue)
CVSS Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
