Description
A maliciously crafted RFA file, when converted to FormIt via “Convert RFA to FormIt” in Autodesk Revit, can force a NULL Pointer Dereference vulnerability. Successful exploitation may cause the application to crash, leading to a denial-of-service condition.
Published: 2026-06-17
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises when a maliciously crafted RFA file is converted to FormIt in Autodesk Revit. The file parsing routine can trigger a NULL Pointer Dereference, causing the application to crash. This results in a denial-of-service condition for any user attempting the conversion operation and can disrupt workflows in shared or production environments.

Affected Systems

Autodesk Revit versions 2024.3.5, 2025.4.5, 2026.4.1, and 2027.1 are susceptible. The issue manifests in the Convert RFA to FormIt feature across these releases.

Risk and Exploitability

The CVSS score of 5.5 reflects moderate severity, while the EPSS score of less than 1% indicates low likelihood of exploitation at present. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires an attacker to supply a specially crafted RFA file to a user with access to Revit; the attack vector is local or remote file upload, inferred from the workflow context. Successful exploitation would merely crash the application, yielding a denial-of-service rather than code execution or data compromise.

Generated by OpenCVE AI on June 18, 2026 at 18:45 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Autodesk Revit patch or update when available
  • Avoid opening untrusted RFA files in the Convert RFA to FormIt workflow until a fix is released
  • Implement restricted file handling policies to prevent automatic conversion of unknown RFA files

Generated by OpenCVE AI on June 18, 2026 at 18:45 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Description A maliciously crafted RFA file, when converted to FormIt via “Convert RFA to FormIt” in Autodesk Revit, can force a NULL Pointer Dereference vulnerability. Successful exploitation may cause the application to crash, leading to a denial-of-service condition.
Title RFA File Parsing Vulnerability in Autodesk Revit
First Time appeared Autodesk
Autodesk revit
Weaknesses CWE-476
CPEs cpe:2.3:a:autodesk:revit:2024.3.5:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:revit:2025.4.5:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:revit:2026.4.1:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:revit:2027.1:*:*:*:*:*:*:*
Vendors & Products Autodesk
Autodesk revit
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Subscriptions

Autodesk Revit
cve-icon MITRE

Status: PUBLISHED

Assigner: autodesk

Published:

Updated: 2026-06-17T17:30:51.745Z

Reserved: 2026-01-21T14:43:31.726Z

Link: CVE-2026-1288

cve-icon Vulnrichment

Updated: 2026-06-17T17:30:39.356Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T20:45:03Z

Weaknesses