CVE-2026-0659
HIGHAutodesk Arnold/Autodesk 3ds Max - RCE
Title source: llmDescription
A maliciously crafted USD file, when loaded or imported into Autodesk Arnold or Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Scores
CVSS v3
7.8
EPSS
0.0003
EPSS Percentile
7.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Classification
CWE
CWE-787
Status
draft
Timeline
Published
Feb 04, 2026
Tracked Since
Feb 18, 2026