Description
A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can cause a Stack Exhaustion vulnerability, leading to a denial-of-service condition.
Published: 2026-05-26
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A maliciously crafted WRL file can be parsed by Autodesk 3ds Max to exhaust stack memory, causing the application to crash and creating a Denial of Service condition. The weakness is an uncontrolled memory allocation reflected by CWE‑674.

Affected Systems

Autodesk 3ds Max versions 2026 and 2027 are affected by this defect; the flaw originates in the file parsing routine for .wrl files.

Risk and Exploitability

The CVSS score of 5.5 indicates a moderate severity vulnerability, and it is not listed in the CISA KEV catalog, suggesting no known public exploits. The EPSS score of < 1% indicates a very low likelihood of exploitation, but the impact is limited to a local environment where an attacker can supply a crafted WRL file. Based on the description, the likely attack vector is a local or remote user who is able to open or process a malicious WRL file in the application, leading to application crash and denial of service.

Generated by OpenCVE AI on June 3, 2026 at 16:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Look up the latest Autodesk Security Advisories for an update that addresses the stack exhaustion issue when parsing WRL files and install that patch as soon as it is published.
  • Until a patch is available, restrict the loading of .wrl files—either by disabling the import option for WRL files in the application settings or by using a file‑type filter to block these files from being processed.
  • Maintain all Autodesk software, including 3ds Max, and system components with the latest vendor patches, and avoid opening files downloaded from untrusted sources.

Generated by OpenCVE AI on June 3, 2026 at 16:05 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 03 Jun 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L'}

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

Tue, 26 May 2026 19:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 26 May 2026 18:00:00 +0000

Type Values Removed Values Added
Description A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can cause a Stack Exhaustion vulnerability, leading to a denial-of-service condition.
Title WRL File Parsing Memory Exhaustion in Autodesk 3ds Max
First Time appeared Autodesk
Autodesk 3ds Max
Weaknesses CWE-674
CPEs cpe:2.3:a:autodesk:3ds_max:2026:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:3ds_max:2027:*:*:*:*:*:*:*
Vendors & Products Autodesk
Autodesk 3ds Max
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L'}

Subscriptions

Autodesk 3ds Max
cve-icon MITRE

Status: PUBLISHED

Assigner: autodesk

Published:

Updated: 2026-06-03T13:39:18.808Z

Reserved: 2026-04-29T17:19:12.725Z

Link: CVE-2026-7453

cve-icon Vulnrichment

Updated: 2026-05-26T18:38:58.871Z

cve-icon NVD

Status : Modified

Published: 2026-05-26T18:16:56.033

Modified: 2026-06-03T14:16:46.937

Link: CVE-2026-7453

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-03T16:15:22Z

Weaknesses