CVE-2026-3476

HIGH

Code Injection vulnerability affecting in SOLIDWORKS Desktop from Release 2025 through Release 2026

Title source: cna

Description

A Code Injection vulnerability affecting SOLIDWORKS Desktop from Release 2025 through Release 2026 could allow an attacker to execute arbitrary code on the user's machine while opening a specially crafted file.

References (2)

Core 2

Core References

https://www.3ds.com/trust-center/security/security-advisories/CVE-2026-3476

https://www.3ds.com/trust-center/security/security-advisories/cve-2026-3476

Scores

CVSS v3 7.8

EPSS 0.0017

EPSS Percentile 6.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-94

Status published

Products (4)

3ds/solidworks 2026 sp0

3ds/solidworks 2025 - 2026

Dassault Systèmes/SOLIDWORKS Desktop Release 2025 SP0 - Release 2025 SP5

Dassault Systèmes/SOLIDWORKS Desktop Release 2026 SP0

Published Mar 16, 2026

Tracked Since Mar 16, 2026