CVE-2026-1288
MEDIUMAutodesk Revit RFA Conversion - NULL Pointer Dereference Denial of Service
Title source: manualDescription
A maliciously crafted RFA file, when converted to FormIt via “Convert RFA to FormIt” in Autodesk Revit, can force a NULL Pointer Dereference vulnerability. Successful exploitation may cause the application to crash, leading to a denial-of-service condition.
References (2)
Core 2
Core References
Vendor Advisory vendor-advisory
https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0007
Scores
CVSS v3
5.5
EPSS
0.0012
EPSS Percentile
1.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-476
Status
published
Products (5)
autodesk/revit
2024 - 2024.3.5
Autodesk/Revit
2024.0.0 - 2024.3.5
Autodesk/Revit
2025.0.0 - 2025.4.5
Autodesk/Revit
2026.0.0 - 2026.4.1
Autodesk/Revit
2027.0.0 - 2027.1.0
Published
Jun 17, 2026
Tracked Since
Jun 17, 2026