Description
A Code Injection vulnerability affecting SOLIDWORKS Desktop from Release 2025 through Release 2026 could allow an attacker to execute arbitrary code on the user's machine while opening a specially crafted file.
Published: 2026-03-16
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Code Execution
Action: Patch Immediately
AI Analysis

Impact

A code injection flaw (CWE-94) in Dassault Systèmes SOLIDWORKS Desktop Release 2025 through Release 2026 allows an attacker to execute arbitrary code on the user’s machine when a specially crafted file is opened. According to the CVE description, the vulnerability is triggered during file processing. It yields code execution in the current user’s context and potentially grants full access to the system if the user is an administrator.

Affected Systems

Any installation of SOLIDWORKS Desktop that falls within Release 2025 or Release 2026 is vulnerable. No specific sub-versions or build numbers are listed, and the advisories do not provide a patch.

Risk and Exploitability

The CVSS score of 7.8 indicates High severity, while the EPSS of less than 1% suggests a low current likelihood of exploitation. The description implies that the attacker must supply a malicious file that the user opens, that is, a local, user-initiated attack vector. The vulnerability is not listed in CISA’s KEV catalog and thus is not known to be actively exploited in the wild. Until an official patch is released, the risk persists for all affected installations, especially in environments that routinely process untrusted design files.

Generated by OpenCVE AI on March 17, 2026 at 06:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check Dassault Systèmes’ security advisory for an official patch or update and apply it immediately.
  • Verify that your SOLIDWORKS Desktop installation is not a Release 2025 or Release 2026 build; if it is, treat it as vulnerable until patched.
  • Avoid opening files from unknown or untrusted sources until the vulnerability is patched.
  • Maintain up‑to‑date anti‑virus or endpoint protection to detect malicious files.
  • Monitor logs for abnormal execution of SOLIDWORKS processes that may indicate exploitation attempts.

Advisories

No advisories yet.

History

Mon, 08 Jun 2026 14:45:00 +0000

Type Values Removed Values Added
First Time appeared 3ds
3ds solidworks
CPEs cpe:2.3:a:3ds:solidworks:*:*:*:*:*:*:*:*
cpe:2.3:a:3ds:solidworks:2026:sp0:*:*:*:*:*:*
Vendors & Products 3ds
3ds solidworks

Mon, 30 Mar 2026 08:15:00 +0000

Type Values Removed Values Added
First Time appeared Dassault Systèmes
Dassault Systèmes solidworks Edrawings
Vendors & Products Dassault Systèmes
Dassault Systèmes solidworks Edrawings

Mon, 16 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 16 Mar 2026 16:30:00 +0000


Mon, 16 Mar 2026 15:45:00 +0000

Type Values Removed Values Added
Description
  Removed: A Code Injection vulnerability affecting in SOLIDWORKS Desktop from Release 2025 through Release 2026 could allow an attacker to execute arbitrary code on the user's machine while opening a specially crafted file.
  Added: A Code Injection vulnerability affecting SOLIDWORKS Desktop from Release 2025 through Release 2026 could allow an attacker to execute arbitrary code on the user's machine while opening a specially crafted file.
Title
  Removed: Code Injection vulnerability affecting in SOLIDWORKS Desktop from Release 2025 through Release 2026
  Added: Code Injection vulnerability affecting SOLIDWORKS Desktop from Release 2025 through Release 2026
References

Mon, 16 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
Description A Code Injection vulnerability affecting in SOLIDWORKS Desktop from Release 2025 through Release 2026 could allow an attacker to execute arbitrary code on the user's machine while opening a specially crafted file.
Title Code Injection vulnerability affecting in SOLIDWORKS Desktop from Release 2025 through Release 2026
Weaknesses CWE-94
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: 3DS

Published:

Updated: 2026-03-17T03:55:29.037Z

Reserved: 2026-03-03T13:13:51.497Z

Link: CVE-2026-3476

Vulnrichment

Updated: 2026-03-16T18:44:21.081Z

NVD

Status: Analyzed

Published: 2026-03-16T14:19:48.130

Modified: 2026-06-08T14:36:25.803

Link: CVE-2026-3476

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-30T08:00:25Z

Weaknesses