Description
A Race Condition vulnerability affecting BIOVIA Workbook from Release 2021 through Release 2026 could allow a user to access unauthorized data from another user.
Published: 2026-07-01
Score: 8.1 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A race condition flaw exists in BIOVIA Workbook that can allow a user to read data from another user’s session. The vulnerability arises when concurrent operations on shared data are not properly synchronized, enabling a timing attack that bypasses access controls. The weakness is classified as CWE-362 and its primary consequence is the disclosure of confidential information to an unauthorised user.

Affected Systems

Dassault Systèmes manufactures BIOVIA Workbook, and versions released between 2021 through 2026 are affected. This includes all product releases within that range regardless of patch level, as the flaw originates in the core concurrency handling of the application.

Risk and Exploitability

The CVSS score of 8.1 indicates high severity, yet an EPSS score is unavailable; therefore the exploitation probability is uncertain. Based on the description, it is inferred that attackers would need the ability to run or influence concurrent processes within the application, implying a local or same-user context; network-based exploitation is unlikely unless the application is exposed to untrusted input that can trigger the race. The flaw is not listed in the CISA KEV catalog, suggesting no widespread, actively exploited incidents as of this assessment. Mitigation requires preventing concurrent access or ensuring proper synchronization, as detailed in the remediation steps.

Generated by OpenCVE AI on July 2, 2026 at 05:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any vendor‑issued patch or upgrade to a later release that resolves the race condition
  • Enforce least‑privilege permissions so that users cannot read data belonging to others
  • Enable and review detailed security logging for anomalous read operations

Generated by OpenCVE AI on July 2, 2026 at 05:39 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 01 Jul 2026 12:45:00 +0000

Type Values Removed Values Added
Description A Race Condition vulnerability affecting BIOVIA Workbook from Release 2021 through Release 2026 could allow a user to access unauthorized data from another user.
Title Race Condition vulnerability affecting BIOVIA Workbook from Release 2021 through Release 2026
Weaknesses CWE-362
References
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N'}


Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: 3DS

Published:

Updated: 2026-07-01T13:36:37.270Z

Reserved: 2026-03-30T07:15:44.963Z

Link: CVE-2026-5120

cve-icon Vulnrichment

Updated: 2026-07-01T13:36:33.556Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-02T05:45:03Z

Weaknesses
  • CWE-362

    Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')