CVE-2026-0662

HIGH

Autodesk 3ds Max 2026-2026.3.2 - Remote Code Execution via Untrusted Search Path

Title source: llm

Description

A maliciously crafted project directory, when opening a max file in Autodesk 3ds Max, could lead to execution of arbitrary code in the context of the current process due to an Untrusted Search Path being utilized.

References (2)

Core 2

Core References

Product patch

https://www.autodesk.com/products/autodesk-access/overview

Vendor Advisory vendor-advisory

https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0002

Scores

CVSS v3 7.8

EPSS 0.0018

EPSS Percentile 7.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-426

Status published

Products (1)

autodesk/3ds_max 2026 - 2026.3.2

Published Feb 04, 2026

Tracked Since Feb 18, 2026