Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Autodesk | USD for Arnold | unaffected |
|
||||||
| Autodesk | Arnold | unaffected |
|
||||||
| Autodesk | 3ds Max | unaffected |
|
No data.
No data.
No data available yet.
No remediation available yet.
Tracking
Sign in to view the affected projects.
No advisories yet.
Wed, 04 Feb 2026 17:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 04 Feb 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A maliciously crafted USD file, when loaded or imported into Autodesk Arnold or Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | |
| Title | USD File Parsing Out-of-Bounds Write Vulnerability | |
| First Time appeared |
Autodesk
Autodesk 3ds Max Autodesk arnold Autodesk usd For Arnold |
|
| Weaknesses | CWE-787 | |
| CPEs | cpe:2.3:a:autodesk:3ds_max:2026.2:*:*:*:*:*:*:* cpe:2.3:a:autodesk:arnold:7.4.4.2:*:*:*:*:*:*:* cpe:2.3:a:autodesk:usd_for_arnold:arnold_usd_7.4.4.1:*:*:*:*:*:*:* |
|
| Vendors & Products |
Autodesk
Autodesk 3ds Max Autodesk arnold Autodesk usd For Arnold |
|
| References |
| |
| Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: autodesk
Published:
Updated: 2026-02-26T15:04:20.838Z
Reserved: 2026-01-06T19:58:21.363Z
Link: CVE-2026-0659
Vulnrichment
Updated: 2026-02-04T16:38:35.606Z
NVD
Status : Deferred
Published: 2026-02-04T17:16:12.623
Modified: 2026-04-15T00:35:42.020
Link: CVE-2026-0659
Redhat
No data.
OpenCVE Enrichment
No data.