CVE-2026-44411

HIGH

Solid Edge SE2026 < V226.0 Update 5 - Remote Code Execution via Crafted PAR File Parsing

Title source: llm

Description

A vulnerability has been identified in Solid Edge SE2026 (All versions < V226.0 Update 5). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process.

References (1)

Core 1

Core References

https://cert-portal.siemens.com/productcert/html/ssa-921111.html

Scores

CVSS v3 7.8

EPSS 0.0002

EPSS Percentile 4.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-824

Status published

Products (1)

Siemens/Solid Edge SE2026 < V226.0 Update 5

Published May 12, 2026

Tracked Since May 12, 2026