Description
A Path Traversal vulnerability affecting SOLIDWORKS Visualize from SOLIDWORKS Desktop Release 2024 through SOLIDWORKS Desktop Release 2026 could allow an attacker to write arbitrary files on the server.
Published: 2026-06-17
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A Path Traversal vulnerability in SOLIDWORKS Visualize allows an attacker to write arbitrary files on the server. If the attacker can place files in executable or configuration directories, they could gain privileged access or execute malicious code, compromising confidentiality, integrity, and availability of the system.

Affected Systems

Dassault Systèmes SOLIDWORKS Visualize versions 2024 through 2026 are affected. No specific patch versions are listed, but any release in this range may be vulnerable.

Risk and Exploitability

The CVSS score of 9.8 reflects a severe risk. The EPSS score of less than 1% indicates a low current exploitation probability, but the vulnerability is not listed in CISA KEV yet. Likely the attack vector is remote, inferred from the ability to write files on the server, possibly via web interfaces or APIs. Exploitation would require the attacker to supply a crafted path that traverses directories beyond the intended storage scope.

Generated by OpenCVE AI on June 17, 2026 at 17:40 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor‑provided patch or upgrade to a SOLIDWORKS Visualize release that is outside the 2024–2026 range.
  • Restrict write permissions on sensitive directories to prevent unauthorized file creation.
  • Configure a web application firewall to detect and block path‑traversal patterns.

Generated by OpenCVE AI on June 17, 2026 at 17:40 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Dassault Systèmes
Dassault Systèmes solidworks Visualize
Vendors & Products Dassault Systèmes
Dassault Systèmes solidworks Visualize

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 17 Jun 2026 07:45:00 +0000

Type Values Removed Values Added
Description A Path Traversal vulnerability affecting SOLIDWORKS Visualize from SOLIDWORKS Desktop Release 2024 through SOLIDWORKS Desktop Release 2026 could allow an attacker to write arbitrary files on the server.
Title Path Traversal vulnerability affecting SOLIDWORKS Visualize from SOLIDWORKS Desktop Release 2024 through SOLIDWORKS Desktop Release 2026
Weaknesses CWE-22
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Subscriptions

Dassault Systèmes Solidworks Visualize
cve-icon MITRE

Status: PUBLISHED

Assigner: 3DS

Published:

Updated: 2026-06-17T13:52:42.800Z

Reserved: 2026-05-29T13:51:53.949Z

Link: CVE-2026-10094

cve-icon Vulnrichment

Updated: 2026-06-17T13:52:17.798Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T09:42:27Z

Weaknesses
  • CWE-22

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')