Description
An Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file.
Published: 2026-02-16
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Apply Patch
AI Analysis

Impact

An out‑of‑bounds write flaw in the EPRT file reader of SOLIDWORKS eDrawings enables a malicious user to execute arbitrary code when a specially crafted file is opened. The vulnerability is a classic memory corruption issue (CWE‑787) that can compromise confidentiality, integrity, and availability of the system running eDrawings.

Affected Systems

Dassault Systèmes SOLIDWORKS eDrawings releases 2025 and 2026, including all service packs from SP1.0 up to SP5.0 for 2025 and SP1.1 for 2026, are affected.

Risk and Exploitability

The CVSS score of 7.8 signals high severity, while the EPSS score of less than 1% indicates a very low current probability of exploitation. The flaw is not listed in the CISA KEV catalog. The attack vector likely requires the attacker to supply a crafted EPRT file to a user, which is inferred from the description, thus it is a local file‑based exploit. The privilege level required for successful exploitation is not explicitly stated in the description, which we infer may be the privileges under which the application runs.

Generated by OpenCVE AI on April 18, 2026 at 19:40 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install a patched release of SOLIDWORKS eDrawings that includes the fix (e.g., the latest available release for 2025 or 2026).
  • If an upgrade cannot be performed immediately, limit EPRT file opening to trusted sources only or disable the EPRT import function until a patch is applied.
  • Use endpoint security or file‑scanning tools to examine all EPRT files for malicious payloads before allowing them to be opened.

Generated by OpenCVE AI on April 18, 2026 at 19:40 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 26 Feb 2026 18:30:00 +0000

Type Values Removed Values Added
First Time appeared 3ds
3ds solidworks Edrawings
CPEs cpe:2.3:a:3ds:solidworks_edrawings:2025:-:*:*:*:*:*:*
cpe:2.3:a:3ds:solidworks_edrawings:2025:sp1.0:*:*:*:*:*:*
cpe:2.3:a:3ds:solidworks_edrawings:2025:sp2.0:*:*:*:*:*:*
cpe:2.3:a:3ds:solidworks_edrawings:2025:sp3.0:*:*:*:*:*:*
cpe:2.3:a:3ds:solidworks_edrawings:2025:sp4.0:*:*:*:*:*:*
cpe:2.3:a:3ds:solidworks_edrawings:2025:sp5.0:*:*:*:*:*:*
cpe:2.3:a:3ds:solidworks_edrawings:2026:-:*:*:*:*:*:*
cpe:2.3:a:3ds:solidworks_edrawings:2026:sp1.1:*:*:*:*:*:*
Vendors & Products 3ds
3ds solidworks Edrawings

Tue, 17 Feb 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 17 Feb 2026 09:00:00 +0000

Type Values Removed Values Added
First Time appeared Dassault Systèmes
Dassault Systèmes solidworks Edrawings
Vendors & Products Dassault Systèmes
Dassault Systèmes solidworks Edrawings

Mon, 16 Feb 2026 14:00:00 +0000

Type Values Removed Values Added
Description An Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file.
Title Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026
Weaknesses CWE-787
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

Subscriptions

3ds Solidworks Edrawings
Dassault Systèmes Solidworks Edrawings
cve-icon MITRE

Status: PUBLISHED

Assigner: 3DS

Published:

Updated: 2026-02-26T14:44:19.860Z

Reserved: 2026-01-22T08:11:00.363Z

Link: CVE-2026-1335

cve-icon Vulnrichment

Updated: 2026-02-17T14:55:14.976Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-16T14:16:18.303

Modified: 2026-02-26T18:15:57.777

Link: CVE-2026-1335

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T19:45:08Z

Weaknesses